Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-4398

CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]

XMLWordPrintable

    • Moderate
    • None
    • 2
    • Sprint 229
    • 1
    • False
    • Hide

      None

      Show
      None
    • Hide
      Cause: A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh.

      Consequence: This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.

      Fix: update golang.org/x/crypto/ssh to v0.0.0-20220315160706-3147a52a75

      Result: flaw is fixed.
      Show
      Cause: A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. Consequence: This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability. Fix: update golang.org/x/crypto/ssh to v0.0.0-20220315160706-3147a52a75 Result: flaw is fixed.
    • CVE - Common Vulnerabilities and Exposures

      Description of problem:

      This is a clone of https://bugzilla.redhat.com/show_bug.cgi?id=2074299 for backporting purposes.

      Version-Release number of selected component (if applicable):

       

      How reproducible:

       

      Steps to Reproduce:

      1.
2.
3.

      Actual results:

       

      Expected results:

       

      Additional info:

       

            rdossant Rafael Fonseca dos Santos
            rdossant Rafael Fonseca dos Santos
            Gaoyun Pei Gaoyun Pei
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: