Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-3249

CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]

    XMLWordPrintable

Details

    • Moderate
    • Hide

      None

      Show
      None
    • Hide
      Previously, the `golang.org/x/crypto/ssh` package had an issue where an attacker could cause an SSH server to reject clients using the SHA-2 algorithm. This release fixes the broken cryptographic algorithm in the `golang.org/x/crypto/ssh`, allowing users to encrypt data using the SHA-2 algorithm without issue.

      (link:https://issues.redhat.com/browse/OCPBUGS-3249[*OCPBUGS-3249*]
      Show
      Previously, the `golang.org/x/crypto/ssh` package had an issue where an attacker could cause an SSH server to reject clients using the SHA-2 algorithm. This release fixes the broken cryptographic algorithm in the `golang.org/x/crypto/ssh`, allowing users to encrypt data using the SHA-2 algorithm without issue. (link: https://issues.redhat.com/browse/OCPBUGS-3249 [* OCPBUGS-3249 *]
    • CVE - Common Vulnerabilities and Exposures
    • Done

    Description

      Description of problem:

      This is a clone of https://bugzilla.redhat.com/show_bug.cgi?id=2074299 for backporting purposes.

      Version-Release number of selected component (if applicable):

       

      How reproducible:

       

      Steps to Reproduce:

      1.
2.
3.

      Actual results:

       

      Expected results:

       

      Additional info:

       

      Attachments

        Issue Links

          clones

          Bug - A problem which impairs or prevents the functions of the product. OCPBUGS-3248 CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Verified
          depends on

          Bug - A problem which impairs or prevents the functions of the product. OCPBUGS-3248 CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Verified
          is cloned by

          Bug - A problem which impairs or prevents the functions of the product. OCPBUGS-4398 CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          is depended on by

          Bug - A problem which impairs or prevents the functions of the product. OCPBUGS-4398 CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          links to

          GitHub openshift/installer#6631: [release-4.12] OCPBUGS-3249: update golang.org/x/crypto to address security vulnerabilities

          Activity

            Public project attachment banner

              context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
              current Project key: OCPBUGS

              People

                rdossant Rafael Fonseca dos Santos
                rdossant Rafael Fonseca dos Santos
                Gaoyun Pei Gaoyun Pei
                Darragh Fitzmaurice Darragh Fitzmaurice
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: