Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-3249

CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]

XMLWordPrintable

    • Moderate
    • None
    • False
    • Hide

      None

      Show
      None
    • Hide
      Previously, the `golang.org/x/crypto/ssh` package had an issue where an attacker could cause an SSH server to reject clients using the SHA-2 algorithm. This release fixes the broken cryptographic algorithm in the `golang.org/x/crypto/ssh`, allowing users to encrypt data using the SHA-2 algorithm without issue.

      (link:https://issues.redhat.com/browse/OCPBUGS-3249[*OCPBUGS-3249*]
      Show
      Previously, the `golang.org/x/crypto/ssh` package had an issue where an attacker could cause an SSH server to reject clients using the SHA-2 algorithm. This release fixes the broken cryptographic algorithm in the `golang.org/x/crypto/ssh`, allowing users to encrypt data using the SHA-2 algorithm without issue. (link: https://issues.redhat.com/browse/OCPBUGS-3249 [* OCPBUGS-3249 *]
    • CVE - Common Vulnerabilities and Exposures
    • Done

      Description of problem:

      This is a clone of https://bugzilla.redhat.com/show_bug.cgi?id=2074299 for backporting purposes.

      Version-Release number of selected component (if applicable):

       

      How reproducible:

       

      Steps to Reproduce:

      1.
2.
3.

      Actual results:

       

      Expected results:

       

      Additional info:

       

              rdossant Rafael Fonseca dos Santos
              rdossant Rafael Fonseca dos Santos
              Gaoyun Pei Gaoyun Pei
              Darragh Fitzmaurice Darragh Fitzmaurice
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: