Lucene search
AmazonALAS-2022-1626HistoryJul 28, 2022 - 8:38 p.m.
Medium: openssl
2022-07-2820:38:00
alas.aws.amazon.com
13
0.106 Low
EPSS
Percentile
95.1%
Issue Overview:
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script. (CVE-2022-2068)
Affected Packages:
openssl
Issue Correction:
Run yum update openssl to update your system.
New Packages:
i686:
openssl-devel-1.0.2k-16.159.amzn1.i686
openssl-1.0.2k-16.159.amzn1.i686
openssl-static-1.0.2k-16.159.amzn1.i686
openssl-perl-1.0.2k-16.159.amzn1.i686
openssl-debuginfo-1.0.2k-16.159.amzn1.i686
src:
openssl-1.0.2k-16.159.amzn1.src
x86_64:
openssl-perl-1.0.2k-16.159.amzn1.x86_64
openssl-1.0.2k-16.159.amzn1.x86_64
openssl-debuginfo-1.0.2k-16.159.amzn1.x86_64
openssl-static-1.0.2k-16.159.amzn1.x86_64
openssl-devel-1.0.2k-16.159.amzn1.x86_64
Additional References
Red Hat: CVE-2022-2068
Mitre: CVE-2022-2068
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | openssl-devel | < 1.0.2k-16.159.amzn1 | openssl-devel-1.0.2k-16.159.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openssl | < 1.0.2k-16.159.amzn1 | openssl-1.0.2k-16.159.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openssl-static | < 1.0.2k-16.159.amzn1 | openssl-static-1.0.2k-16.159.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openssl-perl | < 1.0.2k-16.159.amzn1 | openssl-perl-1.0.2k-16.159.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openssl-debuginfo | < 1.0.2k-16.159.amzn1 | openssl-debuginfo-1.0.2k-16.159.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | openssl-perl | < 1.0.2k-16.159.amzn1 | openssl-perl-1.0.2k-16.159.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | openssl | < 1.0.2k-16.159.amzn1 | openssl-1.0.2k-16.159.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | openssl-debuginfo | < 1.0.2k-16.159.amzn1 | openssl-debuginfo-1.0.2k-16.159.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | openssl-static | < 1.0.2k-16.159.amzn1 | openssl-static-1.0.2k-16.159.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | openssl-devel | < 1.0.2k-16.159.amzn1 | openssl-devel-1.0.2k-16.159.amzn1.x86_64.rpm |
Related
nessus
nessus
Amazon Linux 2 : openssl (ALAS-2022-1831)
2022-08-08 00:00:00
SUSE SLES12 Security Update : openssl (SUSE-SU-2022:2181-1)
2022-06-27 00:00:00
SUSE SLES15 Security Update : openssl (SUSE-SU-2022:2179-1)
2022-06-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1p-alt1
2022-06-22 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1p-alt1
2022-06-24 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1q-alt1
2022-07-08 00:00:00
openvas
openvas
openSUSE: Security Advisory for openssl (SUSE-SU-2022:2251-2)
2024-03-04 00:00:00
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-2446)
2022-10-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2182-1)
2022-06-27 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2022-2068
2022-06-21 00:00:00
broadcom
broadcom
amazon
amazon
Medium: openssl
2022-07-28 21:55:00
Medium: openssl11
2022-07-28 21:55:00
Medium: openssl11
2022-07-06 03:14:00
redhat
redhat
(RHSA-2022:8913) Moderate: Red Hat JBoss Web Server 5.7.1 release and security update
2022-12-12 12:28:19
(RHSA-2022:8917) Moderate: Red Hat JBoss Web Server 5.7.1 release and security update
2022-12-12 12:20:51
(RHSA-2022:5818) Moderate: openssl security update
2022-08-02 07:00:02
suse
suse
Security update for openssl-1_0_0 (moderate)
2022-07-07 00:00:00
Security update for openssl-1_1 (moderate)
2022-07-04 00:00:00
Security update for openssl-1_1 (moderate)
2022-09-01 00:00:00
cvelist
cvelist
CVE-2022-2068 The c_rehash script allows command injection
2022-06-21 00:00:00
prion
prion
Command injection
2022-06-21 15:15:00
redhatcve
redhatcve
CVE-2022-2068
2022-06-22 06:36:12
debiancve
debiancve
CVE-2022-2068
2022-06-21 15:15:00
cloudlinux
cloudlinux
Fixed CVEs in openssl: CVE-2022-1292, CVE-2022-2068
2022-07-14 16:53:26
ubuntucve
ubuntucve
CVE-2022-2068
2022-06-21 00:00:00
CVE-2022-1292
2022-05-03 00:00:00
alpinelinux
alpinelinux
CVE-2022-2068
2022-06-21 15:15:00
slackware
slackware
[slackware-security] Slackware 14.2 openssl
2022-06-28 19:28:45
[slackware-security] openssl
2022-06-23 05:32:23
osv
osv
CVE-2022-2068
2022-06-21 15:15:09
Moderate: openssl security update
2022-08-03 00:00:00
Moderate: openssl security update
2022-08-02 07:00:02
f5
f5
K21600298 : OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068
2022-08-05 00:00:00
cve
cve
CVE-2022-2068
2022-06-21 15:15:00
CVE-2022-1292
2022-05-03 16:15:00
oraclelinux
oraclelinux
openssl security update
2022-08-05 00:00:00
openssl security update
2022-08-02 00:00:00
openssl security and bug fix update
2022-08-30 00:00:00
ibm
ibm
aix
aix
AIX is vulnerable to arbitrary command execution due to OpenSSL
2022-08-17 16:39:03
rocky
rocky
openssl security update
2022-08-02 07:00:02
openssl security and bug fix update
2023-01-26 21:50:01
almalinux
almalinux
Moderate: openssl security update
2022-08-03 00:00:00
ubuntu
ubuntu
Node.js vulnerabilities
2023-10-30 00:00:00
OpenSSL vulnerability
2022-07-06 00:00:00
OpenSSL vulnerability
2022-06-21 00:00:00
veracode
veracode
Command Injection
2022-06-22 12:42:34
nodejsblog
nodejsblog
OpenSSL update assessment, and Node.js project plans
2022-06-21 00:00:00
OpenSSL update assessment, and Node.js project plans
2022-06-21 00:00:00
githubexploit
githubexploit
Exploit for OS Command Injection in Openssl
2022-05-25 07:06:48
Exploit for OS Command Injection in Openssl
2022-09-01 07:00:00
Exploit for OS Command Injection in Openssl
2022-07-26 11:33:10
debian
debian
[SECURITY] [DSA 5139-1] openssl security update
2022-05-17 19:10:59
[SECURITY] [DSA 5169-1] openssl security update
2022-06-26 18:26:57
[SECURITY] [DLA 3008-1] openssl security update
2022-05-15 02:10:37
ics
ics
Mitsubishi Electric GT SoftGOT2000
2022-11-15 12:00:00
cloudfoundry
cloudfoundry
USN-5488-1: OpenSSL vulnerability | Cloud Foundry
2022-07-28 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerability
2022-07-01 00:31:09
Updated openssl packages fix security vulnerability
2022-05-12 13:24:45
freebsd
freebsd
OpenSSL -- Command injection vulnerability
2022-06-21 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-2068 affecting package openssl 1.1.1k-16
2022-07-14 20:59:56
CVE-2022-2068 affecting package openssl for versions less than 1.1.1k-17
2022-07-01 21:02:21
checkpoint_advisories
checkpoint_advisories
OpenSSL c_rehash Script Command Injection (CVE-2022-1292)
2022-11-14 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0408
2022-06-22 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: openssl1.1-1.1.1p-1.fc36
2022-07-06 01:38:37