Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).

https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
https://pkg.go.dev/vuln/GO-2023-1570
https://go.dev/cl/468125
https://go.dev/issue/58001
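For triage, the three affected cases listed in the description can be checked against a program's own tls.Config values. The following is an added example, not code from the Go project or from this bug report; the names allows and Exposure and the sample configurations are hypothetical and constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// allows reports whether cfg permits negotiating protocol version v.
// A zero MinVersion or MaxVersion means "library default" and is treated as unbounded.
func allows(cfg *tls.Config, v uint16) bool {
	return (cfg.MinVersion == 0 || cfg.MinVersion <= v) &&
		(cfg.MaxVersion == 0 || cfg.MaxVersion >= v)
}

// Exposure (hypothetical helper) lists which affected cases from the
// description a configuration matches; an empty result means none.
func Exposure(cfg *tls.Config, isServer bool) []string {
	var hits []string
	if isServer {
		if allows(cfg, tls.VersionTLS13) && cfg.ClientAuth >= tls.RequestClientCert {
			hits = append(hits, "TLS 1.3 server requesting client certificates")
		}
		return hits
	}
	if allows(cfg, tls.VersionTLS13) {
		hits = append(hits, "TLS 1.3 client")
	}
	if allows(cfg, tls.VersionTLS12) && cfg.ClientSessionCache != nil {
		hits = append(hits, "TLS 1.2 client with session resumption enabled")
	}
	return hits
}

// Constructed sample configurations (not taken from any real deployment).
var (
	defaultClient = &tls.Config{}
	tls12Resuming = &tls.Config{MaxVersion: tls.VersionTLS12, ClientSessionCache: tls.NewLRUClientSessionCache(8)}
	tls12Plain    = &tls.Config{MaxVersion: tls.VersionTLS12}
	mtlsServer    = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert}
	plainServer   = &tls.Config{}
)

func main() {
	fmt.Println(Exposure(defaultClient, false)) // default client negotiates TLS 1.3
	fmt.Println(Exposure(mtlsServer, true))     // default server with mutual TLS
}
```

A match only shows that the configuration falls within the affected set described above; whether the binary was built with a fixed crypto/tls is a separate check against the linked advisories.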
Created golang tracking bugs for this issue: Affects: epel-all [bug 2178495] Affects: fedora-all [bug 2178496]
This issue has been addressed in the following products: OADP-1.1-RHEL-8 Via RHSA-2023:1639 https://access.redhat.com/errata/RHSA-2023:1639
This issue has been addressed in the following products: NETWORK-OBSERVABILITY-1.2.0-RHEL-9 Via RHSA-2023:1817 https://access.redhat.com/errata/RHSA-2023:1817
This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2023:2107 https://access.redhat.com/errata/RHSA-2023:2107
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:3083 https://access.redhat.com/errata/RHSA-2023:3083
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:1326 https://access.redhat.com/errata/RHSA-2023:1326
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:1325 https://access.redhat.com/errata/RHSA-2023:1325
This issue has been addressed in the following products: Cryostat 2 on RHEL 8 Via RHSA-2023:3167 https://access.redhat.com/errata/RHSA-2023:3167
This issue has been addressed in the following products: OSSO-1.1-RHEL-8 Via RHSA-2023:0584 https://access.redhat.com/errata/RHSA-2023:0584
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:3303 https://access.redhat.com/errata/RHSA-2023:3303
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2023:3445 https://access.redhat.com/errata/RHSA-2023:3445
This issue has been addressed in the following products: Openshift Serverless 1 on RHEL 8 Via RHSA-2023:3450 https://access.redhat.com/errata/RHSA-2023:3450
This issue has been addressed in the following products: RHOSS-1.29-RHEL-8 Via RHSA-2023:3455 https://access.redhat.com/errata/RHSA-2023:3455
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:3366 https://access.redhat.com/errata/RHSA-2023:3366
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-41724
This issue has been addressed in the following products: RHODF-4.13-RHEL-9 Via RHSA-2023:3742 https://access.redhat.com/errata/RHSA-2023:3742
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:3612 https://access.redhat.com/errata/RHSA-2023:3612
This issue has been addressed in the following products: Service Interconnect 1 for RHEL 8 Service Interconnect 1 for RHEL 9 Via RHSA-2023:4003 https://access.redhat.com/errata/RHSA-2023:4003
This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.3 for RHEL 8 Via RHSA-2023:4470 https://access.redhat.com/errata/RHSA-2023:4470
This issue has been addressed in the following products: CERT-MANAGER-1.10-RHEL-9 Via RHSA-2023:4335 https://access.redhat.com/errata/RHSA-2023:4335
This issue has been addressed in the following products: MTA-6.2-RHEL-9 MTA-6.2-RHEL-8 Via RHSA-2023:4627 https://access.redhat.com/errata/RHSA-2023:4627
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2023:5935 https://access.redhat.com/errata/RHSA-2023:5935
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2023:5964 https://access.redhat.com/errata/RHSA-2023:5964
This issue has been addressed in the following products: STF-1.5-RHEL-8 Via RHSA-2023:5976 https://access.redhat.com/errata/RHSA-2023:5976
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6363 https://access.redhat.com/errata/RHSA-2023:6363
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6380 https://access.redhat.com/errata/RHSA-2023:6380
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6402 https://access.redhat.com/errata/RHSA-2023:6402
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6473 https://access.redhat.com/errata/RHSA-2023:6473
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6474 https://access.redhat.com/errata/RHSA-2023:6474
This issue has been addressed in the following products: RHEL-9-CNV-4.14 Via RHSA-2023:6817 https://access.redhat.com/errata/RHSA-2023:6817
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:6938 https://access.redhat.com/errata/RHSA-2023:6938
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:6939 https://access.redhat.com/errata/RHSA-2023:6939
This issue has been addressed in the following products: RHEL-8-CNV-4.14 Via RHSA-2023:7672 https://access.redhat.com/errata/RHSA-2023:7672
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2024:2944 https://access.redhat.com/errata/RHSA-2024:2944