openSUSE:Leap:15.5:Update
File 0001-Fix-golang.org-x-crypto-CVE-2021-43565.patch of Package kubevirt.22268
From 4de8c1ddc652fe4df8e4336f9e84ed555f03b363 Mon Sep 17 00:00:00 2001 From: Vasiliy Ulyanov <vulyanov@suse.de> Date: Wed, 22 Dec 2021 09:38:46 +0100 Subject: [PATCH] Fix golang.org/x/crypto (CVE-2021-43565) Apply the patch to vendor dependencies: https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083 This fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. Reference: https://github.com/golang/go/issues/49932 https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083 https://bugzilla.redhat.com/show_bug.cgi?id=2030787 https://bugzilla.suse.com/show_bug.cgi?id=1193930 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43565 Signed-off-by: Vasiliy Ulyanov <vulyanov@suse.de> --- vendor/golang.org/x/crypto/ssh/cipher.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/vendor/golang.org/x/crypto/ssh/cipher.go b/vendor/golang.org/x/crypto/ssh/cipher.go index 8bd6b3daf..ccd82bc7a 100644 --- a/vendor/golang.org/x/crypto/ssh/cipher.go +++ b/vendor/golang.org/x/crypto/ssh/cipher.go @@ -394,6 +394,10 @@ func (c *gcmCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) } c.incIV() + if len(plain) == 0 { + return nil, errors.New("ssh: empty packet") + } + padding := plain[0] if padding < 4 { // padding is a byte, so it automatically satisfies @@ -710,6 +714,10 @@ func (c *chacha20Poly1305Cipher) readCipherPacket(seqNum uint32, r io.Reader) ([ plain := c.buf[4:contentEnd] s.XORKeyStream(plain, plain) + if len(plain) == 0 { + return nil, errors.New("ssh: empty packet") + } + padding := plain[0] if padding < 4 { // padding is a byte, so it automatically satisfies -- 2.34.1
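Review bot: The new `errors.New("ssh: empty packet")` in the first hunk (gcmCipher.readCipherPacket) depends on the `errors` package already being imported, and this patch adds no import: the diffstat's 8 insertions are exactly the two four-line guards. Please confirm that the vendored cipher.go already imports `errors` and that the package builds with the patch applied. The placement, after `c.incIV()` and directly before `padding := plain[0]`, is the right spot to stop the index-out-of-range panic on a zero-length plaintext.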
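Review bot: The guard before `padding := plain[0]` in the second hunk (chacha20Poly1305Cipher.readCipherPacket), like the GCM one, lives only under vendor/. The diffstat lists a single changed file, so the recorded golang.org/x/crypto module version is unchanged: re-running `go mod vendor` would silently drop both checks, and dependency scanners that key on the module version will keep reporting CVE-2021-43565. Suggest noting in the package changelog that the fix is carried as a vendor patch, and dropping this patch once the dependency is bumped to a release containing upstream commit 5770296d904e90f15f38f77dfc2e43fdf5efc083.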