beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
moby/vendor/golang.org/x/crypto
History
Sebastiaan van Stijn 917b44799d
vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd 
full diff: 5770296d90...3147a52a75

This version contains a fix for CVE-2022-27191 (not sure if it affects us).

From the golang mailing list:

    Hello gophers,

    Version v0.0.0-20220315160706-3147a52a75dd of golang.org/x/crypto/ssh implements
    client authentication support for signature algorithms based on SHA-2 for use with
    existing RSA keys.

    Previously, a client would fail to authenticate with RSA keys to servers that
    reject signature algorithms based on SHA-1. This includes OpenSSH 8.8 by default
    and—starting today March 15, 2022 for recently uploaded keys.

    We are providing this announcement as the error (“ssh: unable to authenticate”)
    might otherwise be difficult to troubleshoot.

    Version v0.0.0-20220314234659-1baeb1ce4c0b (included in the version above) also
    fixes a potential security issue where an attacker could cause a crash in a
    golang.org/x/crypto/ssh server under these conditions:

    - The server has been configured by passing a Signer to ServerConfig.AddHostKey.
    - The Signer passed to AddHostKey does not also implement AlgorithmSigner.
    - The Signer passed to AddHostKey does return a key of type “ssh-rsa” from its PublicKey method.

    Servers that only use Signer implementations provided by the ssh package are
    unaffected. This is CVE-2022-27191.

    Alla prossima,

    Filippo for the Go Security team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 13:59:03 +01:00
..
blowfish vendor: github.com/moby/buildkit v0.8.0-rc2 2020-11-19 10:31:35 +01:00
chacha20 go.mod: golang.org/x/crypto 5770296d904e90f15f38f77dfc2e43fdf5efc083 2021-12-03 09:19:28 +01:00
cryptobyte vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd 2022-03-17 13:59:03 +01:00
curve25519 vendor: regenerate 2022-01-18 15:46:04 +01:00
ed25519 vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd 2022-03-17 13:59:03 +01:00
internal go.mod: golang.org/x/crypto 5770296d904e90f15f38f77dfc2e43fdf5efc083 2021-12-03 09:19:28 +01:00
nacl go.mod: golang.org/x/crypto 5770296d904e90f15f38f77dfc2e43fdf5efc083 2021-12-03 09:19:28 +01:00
ocsp vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd 2022-03-17 13:59:03 +01:00
pbkdf2 Bump SwarmKit to f74983e7c015a38a81c8642803a78b8322cf7eac 2018-02-09 18:39:49 -08:00
pkcs12 vendor: golang.org/x/crypto c1f2f97bffc9c53fc40a1a28a5b460094c0050d9 2020-11-19 10:30:16 +01:00
salsa20/salsa go.mod: golang.org/x/crypto 5770296d904e90f15f38f77dfc2e43fdf5efc083 2021-12-03 09:19:28 +01:00
ssh vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd 2022-03-17 13:59:03 +01:00
AUTHORS vendor: regenerate 2022-01-18 15:46:04 +01:00
CONTRIBUTORS vendor: regenerate 2022-01-18 15:46:04 +01:00
LICENSE project: use vndr for vendoring 2016-11-03 15:31:46 -07:00
PATENTS project: use vndr for vendoring 2016-11-03 15:31:46 -07:00