A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which trigger resource exhaustion in go-git clients. Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git implementation issue and does not affect the upstream git cli. References: https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.9 for RHEL 8 Via RHSA-2024:0298 https://access.redhat.com/errata/RHSA-2024:0298
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:0641 https://access.redhat.com/errata/RHSA-2024:0641
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:0642 https://access.redhat.com/errata/RHSA-2024:0642
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8 Via RHSA-2024:0729 https://access.redhat.com/errata/RHSA-2024:0729
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:0735 https://access.redhat.com/errata/RHSA-2024:0735
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:0740 https://access.redhat.com/errata/RHSA-2024:0740
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:0741 https://access.redhat.com/errata/RHSA-2024:0741
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.8 for RHEL 8 Via RHSA-2024:0820 https://access.redhat.com/errata/RHSA-2024:0820
This issue has been addressed in the following products: RHOSS-1.31-RHEL-8 Via RHSA-2024:0843 https://access.redhat.com/errata/RHSA-2024:0843
Created cri-o:1.21/cri-o tracking bugs for this issue: Affects: epel-8 [bug 2259799]
Created cri-o tracking bugs for this issue: Affects: fedora-38 [bug 2259801]
Created pack tracking bugs for this issue: Affects: epel-8 [bug 2259800]
Created cri-o:1.22/cri-o tracking bugs for this issue: Affects: fedora-38 [bug 2259802]
Created cri-o:1.23/cri-o tracking bugs for this issue: Affects: fedora-38 [bug 2259803]
Created cri-o:1.27/cri-o tracking bugs for this issue: Affects: fedora-38 [bug 2259807]
This issue has been addressed in the following products: Openshift Serverless 1 on RHEL 8 Via RHSA-2024:0880 https://access.redhat.com/errata/RHSA-2024:0880
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:0832 https://access.redhat.com/errata/RHSA-2024:0832
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:0845 https://access.redhat.com/errata/RHSA-2024:0845
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:0833 https://access.redhat.com/errata/RHSA-2024:0833
This issue has been addressed in the following products: multicluster-globalhub 1.0 for RHEL 8 Via RHSA-2024:0989 https://access.redhat.com/errata/RHSA-2024:0989
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2023:7197 https://access.redhat.com/errata/RHSA-2023:7197
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:1052 https://access.redhat.com/errata/RHSA-2024:1052
Created pack tracking bugs for this issue: Affects: fedora-39 [bug 2259823]
Created grafana tracking bugs for this issue: Affects: fedora-39 [bug 2259821]
Created golang-github-hashicorp-hc-install tracking bugs for this issue: Affects: fedora-39 [bug 2259819]
Created golang-github-git-5 tracking bugs for this issue: Affects: fedora-39 [bug 2259817]
Created cri-o tracking bugs for this issue: Affects: fedora-39 [bug 2259815]
Created pack tracking bugs for this issue: Affects: fedora-38 [bug 2259813]
Created grafana tracking bugs for this issue: Affects: fedora-38 [bug 2259811]
Created golang-github-hashicorp-hc-install tracking bugs for this issue: Affects: fedora-38 [bug 2259809]
Created cri-o:1.26/cri-o tracking bugs for this issue: Affects: fedora-38 [bug 2259806]
Created cri-o:1.24/cri-o tracking bugs for this issue: Affects: fedora-38 [bug 2259804]
Created golang-github-git-5 tracking bugs for this issue: Affects: fedora-38 [bug 2259808]
Created cri-o:1.25/cri-o tracking bugs for this issue: Affects: fedora-38 [bug 2259805]
(In reply to Jeremy West from comment #118)
> Created cri-o:1.25/cri-o tracking bugs for this issue:
>
> Affects: fedora-38 [bug 2259805]
cri-o 1.25 (and kubernetes 1.25) were in Fedora 37 which is end of life. Kubernetes 1.25 is also end of life. Propose cri-o 1.25 also be end of life
(In reply to Jeremy West from comment #116)
> Created cri-o:1.24/cri-o tracking bugs for this issue:
>
> Affects: fedora-38 [bug 2259804]
Should be end-of-life. Available for Fedora 36.
(In reply to Jeremy West from comment #90)
> Created cri-o:1.27/cri-o tracking bugs for this issue:
>
> Affects: fedora-38 [bug 2259807]
cri-o 1.27 is default cri-o for fedora 39.
This issue has been addressed in the following products: Red Hat OpenShift GitOps 1.9 Via RHSA-2024:0691 https://access.redhat.com/errata/RHSA-2024:0691
This issue has been addressed in the following products: Red Hat OpenShift GitOps 1.10 Via RHSA-2024:0692 https://access.redhat.com/errata/RHSA-2024:0692
This issue has been addressed in the following products: OPENSHIFT-BUILDS-1.0-RHEL-8 Via RHSA-2024:1557 https://access.redhat.com/errata/RHSA-2024:1557
This issue has been addressed in the following products: Red Hat Advanced Cluster Security 4.4 Via RHSA-2024:1570 https://access.redhat.com/errata/RHSA-2024:1570
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:1896 https://access.redhat.com/errata/RHSA-2024:1896
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:1887 https://access.redhat.com/errata/RHSA-2024:1887
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:1891 https://access.redhat.com/errata/RHSA-2024:1891
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:2047 https://access.redhat.com/errata/RHSA-2024:2047