Debian Bug report logs -
#1023424
openssl: CVE-2022-2097
Package:
openssl;
Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@alioth-listsdebiannet>; Source for openssl is src:openssl (PTS, buildd, popcon)
Reported by: "nospam099-github@yahoocom" <nospam099-github@yahoocom>
Date: Thu, 3 Nov 2022 20 ...
It was discovered that the c_rehash script included in OpenSSL did not
sanitise shell meta characters which could result in the execution of
arbitrary commands
For the oldstable distribution (buster), this problem has been fixed
in version 111n-0+deb10u3
For the stable distribution (bullseye), this problem has been fixed in
version 111n-0+deb ...
A flaw was found in OpenSSL The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell Some operating systems distribute this script in a manner where it is automatically executed On these operating systems, this flaw a ...
A flaw was found in OpenSSL The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell Some operating systems distribute this script in a manner where it is automatically executed On these operating systems, this flaw a ...
Synopsis
Important: Satellite 61156 async security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
Updated Satellite 611 packages that fix several bugs are now available for Red Hat SatelliteRed Hat Product Se ...
Synopsis
Important: Self Node Remediation Operator 041 security update
Type/Severity
Security Advisory: Important
Topic
This is an updated release of the Self Node Remediation Operator The Self Node Remediation Operator replaces the Poison Pill Operator, and is delivered by Red Hat Workload AvailabilityRed Hat Product Security has rated t ...
Synopsis
Moderate: OpenShift Container Platform 4111 bug fix and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4111 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Cont ...
Synopsis
Important: Red Hat Satellite Client security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for foreman_ygg_worker, puppet-agent, qpid-proton, and yggdrasil is now available for Sate ...
Synopsis
Critical: Red Hat Advanced Cluster Management 252 security fixes and bug fixes
Type/Severity
Security Advisory: Critical
Topic
Red Hat Advanced Cluster Management for Kubernetes 252 GeneralAvailability release images, which fix security issues and bugsRed Hat Product Security has rated this update as having a security impactof C ...
Synopsis
Important: OpenShift Virtualization 4120 Images security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Virtualization release 412 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...
Synopsis
Moderate: Openshift Logging Security and Bug Fix update (5311)
Type/Severity
Security Advisory: Moderate
Topic
Openshift Logging Bug Fix Release (5311)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rat ...
Synopsis
Moderate: Gatekeeper Operator v02 security and container updates
Type/Severity
Security Advisory: Moderate
Topic
Gatekeeper Operator v02 security updatesRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity ratin ...
Synopsis
Moderate: Multicluster Engine for Kubernetes 21 security updates and bug fixes
Type/Severity
Security Advisory: Moderate
Topic
Multicluster Engine v21Red Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, ...
Synopsis
Important: Logging Subsystem 550 - Red Hat OpenShift security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for RHOL-55-RHEL-8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed ...
概述
Important: Node Maintenance Operator 4111 security update
类型/严重性
Security Advisory: Important
标题
An update for node-maintenance-must-gather-container, node-maintenance-operator-bundle-container, and node-maintenance-operator-container is now available for Node Maintenance Operator 411 for RHEL 8 This Operator is deliv ...
Synopsis
Moderate: RHSA: Submariner 013 - security and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
Submariner 013 packages that fix security issues and bugs, as well as adds various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 26Red Hat Product Security has rated ...
Synopsis
Moderate: Red Hat JBoss Web Server 571 release and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat JBoss Web Server 571 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft WindowsRed Hat Product Security has rated this release as having a security impact ...
Synopsis
Moderate: OpenShift API for Data Protection (OADP) 104 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
OpenShift API for Data Protection (OADP) 104 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
Synopsis
Moderate: Red Hat OpenShift Service Mesh 222 Containers security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Service Mesh 222 ContainersRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile ...
概述
Moderate: Logging Subsystem 545 Security and Bug Fix Update
类型/严重性
Security Advisory: Moderate
标题
Logging Subsystem 545 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rat ...
Synopsis
Moderate: openssl security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for openssl is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as ...
Synopsis
Critical: Red Hat Advanced Cluster Management 246 security update and bug fixes
Type/Severity
Security Advisory: Critical
Topic
Red Hat Advanced Cluster Management for Kubernetes 246 GeneralAvailability release images, which fix bugs and update container imagesRed Hat Product Security has rated this update as having a security i ...
Synopsis
Moderate: RHACS 372 enhancement and security update
Type/Severity
Security Advisory: Moderate
Topic
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS) The updated image includes new features and bug fixesRed Hat Product Security has rated this update as having a security impact of Moderat ...
Synopsis
Moderate: openssl security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for openssl is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a se ...
Synopsis
Moderate: Red Hat Advanced Cluster Management 260 security updates and bug fixes
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Advanced Cluster Management for Kubernetes 260 GeneralAvailability release images, which fix security issues and bugsRed Hat Product Security has rated this update as having a security impactof ...
概要
Moderate: OpenShift sandboxed containers 131 security fix and bug fix update
タイプ/重大度
Security Advisory: Moderate
トピック
OpenShift sandboxed containers 131 is now available
説明
OpenShift sandboxed containers support for OpenShift Container Platformprovides users with built-in support for running Kata containe ...
Synopsis
Moderate: New container image for Red Hat Ceph Storage 52 Security update
Type/Severity
Security Advisory: Moderate
Topic
A new container image for Red Hat Ceph Storage 52 is now available in the Red Hat Ecosystem CatalogRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability ...
Synopsis
Moderate: Red Hat Advanced Cluster Management 2312 security updates and bug fixes
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Advanced Cluster Management for Kubernetes 2312 GeneralAvailability release images, which provide security updates and bug fixesRed Hat Product Security has rated this update as having a secur ...
Synopsis
Important: Release of containers for OSP 162z director operator tech preview
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenStack Platform 162 (Train) director operator containers, with several Important security fixes, are available for technology preview
Description
Release osp-director-operator imagesSecurity F ...
Synopsis
Moderate: OpenShift API for Data Protection (OADP) 110 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
OpenShift API for Data Protection (OADP) 110 is now availableRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis
Important: OpenShift Virtualization 4110 Images security and bug fix update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Virtualization release 4110 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a secur ...
Synopsis
Moderate: Logging Subsystem 555 - Red Hat OpenShift security update
Type/Severity
Security Advisory: Moderate
Topic
Logging Subsystem 555 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...
Synopsis
Important: OpenShift Container Platform 4110 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4110 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Co ...
Synopsis
Critical: Multicluster Engine for Kubernetes 202 security and bug fixes
Type/Severity
Security Advisory: Critical
Topic
Multicluster Engine for Kubernetes 202 General Availability release images, which fix bugs and update container imagesRed Hat Product Security has rated this update as having a security impactof Critical A Com ...
Synopsis
Important: Red Hat OpenShift Data Foundation 4110 security, enhancement, & bugfix update
Type/Severity
Security Advisory: Important
Topic
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4110 on Red Hat Enterprise Linux 8Red Hat Product Securit ...
Synopsis
Moderate: Red Hat JBoss Web Server 571 release and security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update is now available for Red Hat JBoss Web Server 571 on Red Hat Enterprise Linux versio ...
Synopsis
Moderate: OpenShift Virtualization 4111 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Virtualization release 4111 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impac ...
Synopsis
Important: Satellite 61252 Async Security Update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
Updated Satellite 612 packages that fixes important security bugs and severalregular bugs are now available for ...
Synopsis
Moderate: RHOSDT 260 operator/operand containers Security Update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat Openshift distributed tracing 260Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis
Important: Migration Toolkit for Containers (MTC) 174 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
The Migration Toolkit for Containers (MTC) 174 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ba ...
Synopsis
Moderate: Openshift Logging 5314 bug fix release and security update
Type/Severity
Security Advisory: Moderate
Topic
Openshift Logging Bug Fix Release (5314)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...
Synopsis
Moderate: Red Hat JBoss Core Services Apache HTTP Server 2451 SP1 security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update is now available for Red Hat JBoss Core ServicesRed Hat Product Securi ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2451 SP1 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sco ...
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names ...
A flaw was found in OpenSSL The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell Some operating systems distribute this script in a manner where it is automatically executed On these operating systems, this flaw a ...
A flaw was found in OpenSSL The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell Some operating systems distribute this script in a manner where it is automatically executed On these operating systems, this flaw a ...
A flaw was found in OpenSSL The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell Some operating systems distribute this script in a manner where it is automatically executed On these operating systems, this flaw a ...
A null pointer dereference flaw was found in openssl A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service The highest threat from this vulnerability is to system availability (CVE-2020-1971)
Calls to EVP_CipherUpdate, EVP_En ...
A flaw was found in OpenSSL The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell Some operating systems distribute this script in a manner where it is automatically executed On these operating systems, this flaw a ...
A flaw was found in OpenSSL The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell Some operating systems distribute this script in a manner where it is automatically executed On these operating systems, this flaw a ...