1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
moby--moby/vendor/golang.org/x
Sebastiaan van Stijn 917b44799d
vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
full diff: 5770296d90...3147a52a75

This version contains a fix for CVE-2022-27191 (not sure if it affects us).

From the golang mailing list:

    Hello gophers,

    Version v0.0.0-20220315160706-3147a52a75dd of golang.org/x/crypto/ssh implements
    client authentication support for signature algorithms based on SHA-2 for use with
    existing RSA keys.

    Previously, a client would fail to authenticate with RSA keys to servers that
    reject signature algorithms based on SHA-1. This includes OpenSSH 8.8 by default
    and—starting today March 15, 2022 for recently uploaded keys.

    We are providing this announcement as the error (“ssh: unable to authenticate”)
    might otherwise be difficult to troubleshoot.

    Version v0.0.0-20220314234659-1baeb1ce4c0b (included in the version above) also
    fixes a potential security issue where an attacker could cause a crash in a
    golang.org/x/crypto/ssh server under these conditions:

    - The server has been configured by passing a Signer to ServerConfig.AddHostKey.
    - The Signer passed to AddHostKey does not also implement AlgorithmSigner.
    - The Signer passed to AddHostKey does return a key of type “ssh-rsa” from its PublicKey method.

    Servers that only use Signer implementations provided by the ssh package are
    unaffected. This is CVE-2022-27191.

    Alla prossima,

    Filippo for the Go Security team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 13:59:03 +01:00
..
crypto vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd 2022-03-17 13:59:03 +01:00
net vendor: github.com/containerd/containerd v1.6.1 2022-03-10 17:48:10 -05:00
oauth2 vendor: golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f 2022-03-01 18:03:34 +01:00
sync vendor: regenerate 2022-01-18 15:46:04 +01:00
sys vendor: golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 2022-02-06 16:28:59 +09:00
text vendor: golang.org/x/text v0.3.6: 2022-02-14 15:35:01 +01:00
time vendor: golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 2022-02-14 15:39:04 +01:00
xerrors vendor: regenerate 2022-01-18 15:46:04 +01:00