openssl: Potential Command Injection (CVE-2022-1292) #4249
Labels
security
Topic/issue involves a security issue/fixed
Comments
Dup #3958
CamberLoid added commits that referenced this issue on Oct 17, Nov 10, Nov 11, Nov 12, Nov 23 and Nov 27, 2022:
* Fixes CVE-2022-2068 and CVE-2022-1292
* Replace CROSS:-BUILD with ab_match_arch
* Change build configuration for riscv64 to `linux64-riscv64`
Signed-off-by: Camber Huang <camber@poi.science>
CVE IDs
CVE-2022-1292
Other security advisory IDs
Upstream: https://www.openssl.org/news/secadv/20220705.txt
Gentoo: https://security.gentoo.org/glsa/202210-02
Debian: https://www.debian.org/security/2022/dsa-5139
Description
Elison Niven discovered that the c_rehash script included in OpenSSL did not sanitise shell meta characters which could result in the execution of arbitrary commands.
Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n)
Patches
N/A
PoC(s)
N/A
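To check a host against the range quoted in the description (1.1.1 through 1.1.1n affected, fixed in 1.1.1o), the following added example, which is not part of the original issue or the project's packaging, classifies a line of `openssl version` output. The function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Range stated in the issue: 1.1.1 through 1.1.1n affected, fixed in 1.1.1o.
FIXED_SUFFIX = "o"
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def _suffix_key(suffix):
    # Letter releases sort by length first: "" < "a" < ... < "z" < "za".
    return (len(suffix), suffix)


def classify(version_line):
    """Classify one line of `openssl version` output against CVE-2022-1292."""
    m = _VERSION_RE.search(version_line)
    if not m:
        return "unparsed"
    major, minor, patch, suffix = int(m[1]), int(m[2]), int(m[3]), m[4]
    if (major, minor, patch) != (1, 1, 1):
        # The issue only gives the 1.1.1 range; other branches need the
        # upstream advisory linked from the issue.
        return "not-covered"
    if _suffix_key(suffix) < _suffix_key(FIXED_SUFFIX):
        return "affected"
    return "fixed"


# Constructed sample lines in the format printed by `openssl version`.
SAMPLES = [
    "OpenSSL 1.1.1  11 Sep 2018",
    "OpenSSL 1.1.1n  15 Mar 2022",
    "OpenSSL 1.1.1o  3 May 2022",
    "OpenSSL 3.0.2 15 Mar 2022",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line):12s} {line}")
```

A distribution can backport the fix without changing the upstream version string, so an "affected" result is a prompt to check the package changelog, not a final verdict.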