Main Vulnerability Database SB2022041817

SB2022041817 - Fedora 34 update for bettercap, chisel, commit-stream, containerd, gobuster, golang-contrib-opencensus-resource, golang-gioui, golang-github-appc-docker2aci, golang-github-appc-goaci, golang-github-appc-spec, golang-github-containerd-continuity, golang-gi

Published: April 18, 2022

Security Bulletin ID SB2022041817

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2022-27191)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b, as used in Go programming language. A remote attacker can crash a server in certain circumstances involving AddHostKey.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2022-5cbd6de569

Vulnerable Software

Fedora: 34
xq: before 0.0.7-3.fc34
snowcrash: before 0-0.6.20201119git49b99ad.fc34
shhgit: before 0.2-6.fc34
shellz: before 1.5.0-6.fc34
onionscan: before 0.2-6.fc34
grpcurl: before 1.8.6-2.fc34
golang-x-perf: before 0-0.14.20210123gitbdcc622.fc34
golang-storj-drpc: before 0.0.16-5.fc34
golang-mongodb-mongo-driver: before 1.4.5-5.fc34
golang-k8s-sample-controller: before 1.22.0-3.fc34
golang-k8s-sample-apiserver: before 1.22.0-4.fc34
golang-k8s-kube-aggregator: before 1.22.0-3.fc34
golang-k8s-code-generator: before 1.22.0-3.fc34
golang-k8s-apiextensions-apiserver: before 1.22.0-5.fc34
golang-gopkg-src-d-git-4: before 4.13.1-7.fc34
golang-github-xordataexchange-crypt: before 0.0.2-11.20190412gitb2862e3.fc34
golang-github-theupdateframework-notary: before 0.7.0-4.fc34
golang-github-spf13-cobra: before 1.4.0-2.fc34
golang-github-redteampentesting-monsoon: before 0.6.0-5.fc34
golang-github-prometheus-tsdb: before 0.10.0-6.fc34
golang-github-prometheus-node-exporter: before 1.3.1-7.fc34
golang-github-prometheus-alertmanager: before 0.23.0-8.fc34
golang-github-prometheus: before 2.32.1-4.fc34
golang-github-pact-foundation: before 1.5.1-5.fc34
golang-github-oklog: before 0.3.2-9.20190701gitca7cdf5.fc34
golang-github-intel-goresctrl: before 0.2.0-4.fc34
golang-github-instrumenta-kubeval: before 0.15.0-7.fc34
golang-github-googlecloudplatform-cloudsql-proxy: before 1.19.1-5.fc34
golang-github-googleapis-gnostic: before 0.5.3-5.fc34
golang-github-google-slothfs: before 0-0.10.20200727git59c1163.fc34
golang-github-google-containerregistry: before 0.5.1-4.fc34
golang-github-gohugoio-testmodbuilder: before 0-0.9.20201030git72e1e0c.fc34
golang-github-gogo-googleapis: before 1.4.1-3.fc34
golang-github-francoispqt-gojay: before 1.2.13-6.fc34
golang-github-envoyproxy-protoc-gen-validate: before 0.4.1-5.fc34
golang-github-coredns-corefile-migration: before 1.0.11-5.fc34
golang-github-containerd-stargz-snapshotter: before 0.7.0-4.fc34
golang-github-containerd-continuity: before 0.2.2-2.fc34
golang-github-appc-spec: before 0.8.11-13.fc34
golang-github-appc-goaci: before 0.1.1-10.fc34
golang-github-appc-docker2aci: before 0.17.2-8.fc34
golang-gioui: before 0-7.20201225git18d4dbf.fc34
golang-contrib-opencensus-resource: before 0.1.2-6.fc34
gobuster: before 3.1.0-2.fc34
containerd: before 1.6.2-3.fc34
commit-stream: before 0.1.2-6.fc34
chisel: before 1.7.7-2.fc34
bettercap: before 2.28-9.fc34