-
Bug
-
Resolution: Done-Errata
-
Normal
-
None
-
5
-
True
-
requires fix in ubi/go-toolset
-
False
-
-
Security Tracking Issue
Do not make this issue public.
Impact: Moderate
Reported Date: 05-Mar-2024
Resolve Bug By: 03-Jun-2024
In case the dates above are already past, please evaluate this bug in your next prioritization review and make a decision then. Remember to explicitly set CLOSED:WONTFIX (in Bugzilla) or Closed:Won't Do (in Jira) if you decide not to fix this bug.
Please review this tracker and its impact on your product or service, as soon as possible. The trackers are filed WITHOUT in-depth analysis as the vulnerability has a Low or Moderate severity impact on this product or service. For more details, please refer to following confluence page - https://docs.engineering.redhat.com/x/3e_3EQ
Please see the Security Errata Policy for further details: https://docs.engineering.redhat.com/x/9kKpDw
Flaw:
CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
https://bugzilla.redhat.com/show_bug.cgi?id=2268019
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic.
This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
- blocks
-
COST-4916 Cost Management Operator 3.3.0
- Closed
- links to
-
RHBA-2024:132865 Cost Management security fix and enhancement update