  1. OpenShift Bugs
  2. OCPBUGS-4398

CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]

Details

    • Moderate
    • 2
    • Sprint 229
    • 1
    • False
      Cause: A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh.

      Consequence: This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.

      Fix: Update golang.org/x/crypto/ssh to v0.0.0-20220315160706-3147a52a75

      Result: The flaw is fixed.
    • CVE - Common Vulnerabilities and Exposures

    Description

      Description of problem:

      This is a clone of https://bugzilla.redhat.com/show_bug.cgi?id=2074299 for backporting purposes.


            People

              rdossant Rafael Fonseca dos Santos
              rdossant Rafael Fonseca dos Santos
              Gaoyun Pei Gaoyun Pei