Debian Security Advisory 5139-1

Debian Security Advisory 5139-1: Posted May 28, 2022; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5139-1 - Elison Niven discovered that the c_rehash script included in OpenSSL did not sanitise shell meta characters which could result in the execution of arbitrary commands.; tags | advisory, arbitrary, shell; systems | linux, debian; advisories | CVE-2022-1292; SHA-256 | ef79c3ca5c1efbccff9dc61bd33193432c830b87ff4fe6b1269b865f1331e44a; Download | Favorite | View

Debian Security Advisory 5139-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5139-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 17, 2022                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
CVE ID         : CVE-2022-1292

Elison Niven discovered that the c_rehash script included in OpenSSL did
not sanitise shell meta characters which could result in the execution
of arbitrary commands.

For the oldstable distribution (buster), this problem has been fixed
in version 1.1.1n-0+deb10u2.

For the stable distribution (bullseye), this problem has been fixed in
version 1.1.1n-0+deb11u2.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmKD8YIACgkQEMKTtsN8
Tjbf/Q/9EeIjNdesEYJjq1KlyR2YB1xrDqXu62JsgberEXwKjXj1qPLV8yfTqTDr
h9lq0Q7GTbE9cOREfD9A0iyY8I4bTPsHUtqQXmFJBcxYX+JBW7WFQrioXa14SWw9
XVBWjIg0JbCxR0paYjZs5PZ7pJGqkFfbf1atsVyjM+qfkUZ0N8G70qdhIdUA71dH
gCOPdG4NbbuQlEs+mSwjos4WlAtKw6E/OzY7wd/5DvLfQgRJNCHRKDBczzn60UPm
X2dOLOkNgZgH67cdHDnKwJGQ2XwQ0mjFmgsGuHe4KEh+ZOFDunCeeVaQP0sZuf0d
Hsduvqb3VAJcpbR6h+JvwTqgwDikvHk3mjbqOT38mRvzQuwiJq+vTyWJPrFqTjIL
lWuPmFGmQ3JrYwAs4/XtJGgDuDsmVFBesyWoHOsbORSvsdilc3PLDAAFln5Gq6Fc
u2v1IK4JHugncR137Vf9h3C+voG3d5VpGP27ffAH/BrfAZ3mfMDAV70fSDXWAGgw
M+zm0Cc+JdDNyS5jaM+hKuMl4SGf4xlGc8eabNGRvz9ONJ3Dve4sL93OlTrSMhMz
Sg3NcdX5RaZ030w8KH9yGhI9HZZaOaJ5a7TZ8+jYTF1mIza3N3X86Vk9dBBdWAv9
xIowwsw+u2Hv4lb1Lt+lDIHewG8dCmWVbv99AgBt7omXZz1REJs=
=8cyP
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 391 files
Ubuntu 65 files
Gentoo 32 files
Debian 24 files
Apple 9 files
malvuln 6 files
Google Security Research 5 files
nu11secur1ty 5 files
Jann Horn 5 files
h00die 4 files

File Archives

Systems

AIX (429)
Apple (2,088)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,754)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,892)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,512)
UNIX (9,403)
UnixWare (187)
Windows (6,660)
Other

Debian Security Advisory 5139-1

Debian Security Advisory 5139-1

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 5139-1

Share This

Debian Security Advisory 5139-1

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems