A vulnerability was found in the golang.org/x/text/language package which could cause a denial of service. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. Version v0.3.8 of golang.org/x/text fixes the vulnerability. References: https://groups.google.com/g/golang-dev/c/qfPIly0X7aU and https://go.dev/issue/56152. Upstream Commit: https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c
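Added example (not part of the bug report, and not Red Hat's or the Go project's code): a standard-library-only Go check that reads go.mod text and reports whether its golang.org/x/text requirement sorts before v0.3.8, the fixed release named above. The sample go.mod and the helper names `xTextVersion` and `isVulnerable` are constructed for illustration; replace directives are not evaluated.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample go.mod (not taken from any real project).
const sampleGoMod = "module example.com/app\n\nrequire (\n\tgolang.org/x/text v0.3.7 // indirect\n)\n"

var fixed = [3]int{0, 3, 8} // v0.3.8, the fixed release named in the bug

// xTextVersion returns the golang.org/x/text version required in go.mod text.
// Hypothetical helper; replace directives are not evaluated.
func xTextVersion(gomod string) (string, bool) {
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // strip trailing comments
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && f[0] == "golang.org/x/text" {
			return f[1], true
		}
	}
	return "", false
}

// isVulnerable reports whether module version v sorts before v0.3.8.
func isVulnerable(v string) (bool, error) {
	core, _, _ := strings.Cut(strings.TrimPrefix(v, "v"), "+") // drop build metadata
	core, _, hasPre := strings.Cut(core, "-")                  // split off pre-release part
	parts := strings.Split(core, ".")
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || len(parts) != 3 {
			return false, fmt.Errorf("unexpected version %q", v)
		}
		if n != fixed[i] {
			return n < fixed[i], nil
		}
	}
	return hasPre, nil // pre-releases and pseudo-versions of v0.3.8 sort before it
}

func main() {
	v, _ := xTextVersion(sampleGoMod)
	fmt.Println(isVulnerable(v)) // prints "true <nil>" for the sample
}
```

A pseudo-version based on v0.3.8 is reported as vulnerable because it sorts before the tagged release and may not include the upstream commit.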
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.9 Via RHSA-2022:7407 https://access.redhat.com/errata/RHSA-2022:7407
This issue has been addressed in the following products: OpenShift Logging 5.3 Via RHSA-2022:6882 https://access.redhat.com/errata/RHSA-2022:6882
This issue has been addressed in the following products: RHOL-5.5-RHEL-8 Via RHSA-2022:7434 https://access.redhat.com/errata/RHSA-2022:7434
This issue has been addressed in the following products: Logging subsystem for Red Hat OpenShift 5.4 Via RHSA-2022:7435 https://access.redhat.com/errata/RHSA-2022:7435
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.5 for RHEL 8 Via RHSA-2023:0481 https://access.redhat.com/errata/RHSA-2023:0481
This issue has been addressed in the following products: OADP-1.0-RHEL-8 Via RHSA-2023:0692 https://access.redhat.com/errata/RHSA-2023:0692
This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2023:0693 https://access.redhat.com/errata/RHSA-2023:0693
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8 Via RHSA-2023:0795 https://access.redhat.com/errata/RHSA-2023:0795
This issue has been addressed in the following products: OpenShift Custom Metrics Autoscaler 2 Via RHSA-2023:1042 https://access.redhat.com/errata/RHSA-2023:1042
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-32149
This issue has been addressed in the following products: RHEL-9-CNV-4.13 RHEL-7-CNV-4.13 RHEL-8-CNV-4.13 Via RHSA-2023:3204 https://access.redhat.com/errata/RHSA-2023:3204
This issue has been addressed in the following products: RHEL-9-CNV-4.13 Via RHSA-2023:3205 https://access.redhat.com/errata/RHSA-2023:3205
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2023:3613 https://access.redhat.com/errata/RHSA-2023:3613
Created golang tracking bugs for this issue: Affects: epel-all [bug 2217701] Affects: fedora-all [bug 2217702]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:1994 https://access.redhat.com/errata/RHSA-2024:1994
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:2077 https://access.redhat.com/errata/RHSA-2024:2077