Lucene search
AmazonALAS2-2022-1831HistoryJul 28, 2022 - 9:55 p.m.
Medium: openssl
2022-07-2821:55:00
alas.aws.amazon.com
28
Issue Overview:
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script. (CVE-2022-2068)
Affected Packages:
openssl
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update openssl to update your system.
New Packages:
aarch64:
openssl-1.0.2k-24.amzn2.0.4.aarch64
openssl-libs-1.0.2k-24.amzn2.0.4.aarch64
openssl-devel-1.0.2k-24.amzn2.0.4.aarch64
openssl-static-1.0.2k-24.amzn2.0.4.aarch64
openssl-perl-1.0.2k-24.amzn2.0.4.aarch64
openssl-debuginfo-1.0.2k-24.amzn2.0.4.aarch64
i686:
openssl-1.0.2k-24.amzn2.0.4.i686
openssl-libs-1.0.2k-24.amzn2.0.4.i686
openssl-devel-1.0.2k-24.amzn2.0.4.i686
openssl-static-1.0.2k-24.amzn2.0.4.i686
openssl-perl-1.0.2k-24.amzn2.0.4.i686
openssl-debuginfo-1.0.2k-24.amzn2.0.4.i686
src:
openssl-1.0.2k-24.amzn2.0.4.src
x86_64:
openssl-1.0.2k-24.amzn2.0.4.x86_64
openssl-libs-1.0.2k-24.amzn2.0.4.x86_64
openssl-devel-1.0.2k-24.amzn2.0.4.x86_64
openssl-static-1.0.2k-24.amzn2.0.4.x86_64
openssl-perl-1.0.2k-24.amzn2.0.4.x86_64
openssl-debuginfo-1.0.2k-24.amzn2.0.4.x86_64
Additional References
Red Hat: CVE-2022-2068
Mitre: CVE-2022-2068
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | openssl | < 1.0.2k-24.amzn2.0.4 | openssl-1.0.2k-24.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | openssl-libs | < 1.0.2k-24.amzn2.0.4 | openssl-libs-1.0.2k-24.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | openssl-devel | < 1.0.2k-24.amzn2.0.4 | openssl-devel-1.0.2k-24.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | openssl-static | < 1.0.2k-24.amzn2.0.4 | openssl-static-1.0.2k-24.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | openssl-perl | < 1.0.2k-24.amzn2.0.4 | openssl-perl-1.0.2k-24.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | openssl-debuginfo | < 1.0.2k-24.amzn2.0.4 | openssl-debuginfo-1.0.2k-24.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | i686 | openssl | < 1.0.2k-24.amzn2.0.4 | openssl-1.0.2k-24.amzn2.0.4.i686.rpm |
| Amazon Linux | 2 | i686 | openssl-libs | < 1.0.2k-24.amzn2.0.4 | openssl-libs-1.0.2k-24.amzn2.0.4.i686.rpm |
| Amazon Linux | 2 | i686 | openssl-devel | < 1.0.2k-24.amzn2.0.4 | openssl-devel-1.0.2k-24.amzn2.0.4.i686.rpm |
| Amazon Linux | 2 | i686 | openssl-static | < 1.0.2k-24.amzn2.0.4 | openssl-static-1.0.2k-24.amzn2.0.4.i686.rpm |
Related
nessus
nessus
EulerOS 2.0 SP8 : compat-openssl (EulerOS-SA-2022-2215)
2022-08-17 00:00:00
EulerOS 2.0 SP5 : openssl (EulerOS-SA-2022-2446)
2022-10-08 00:00:00
SUSE SLES12 Security Update : openssl (SUSE-SU-2022:2180-1)
2022-06-27 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1p-alt1
2022-06-24 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1p-alt1
2022-06-22 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1q-alt1
2022-07-08 00:00:00
amazon
amazon
Medium: openssl
2022-07-28 20:38:00
Medium: openssl11
2022-07-28 21:55:00
alpinelinux
alpinelinux
CVE-2022-2068
2022-06-21 15:15:00
openvas
openvas
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-2629)
2022-10-28 00:00:00
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-2228)
2022-08-18 00:00:00
openSUSE: Security Advisory for openssl-1_0_0 (SUSE-SU-2022:2321-1)
2022-07-08 00:00:00
slackware
slackware
[slackware-security] openssl
2022-06-23 05:32:23
[slackware-security] Slackware 14.2 openssl
2022-06-28 19:28:45
[slackware-security] openssl
2022-05-04 21:32:34
redhat
redhat
(RHSA-2022:8917) Moderate: Red Hat JBoss Web Server 5.7.1 release and security update
2022-12-12 12:20:51
(RHSA-2022:8913) Moderate: Red Hat JBoss Web Server 5.7.1 release and security update
2022-12-12 12:28:19
(RHSA-2022:5818) Moderate: openssl security update
2022-08-02 07:00:02
ubuntucve
ubuntucve
CVE-2022-2068
2022-06-21 00:00:00
cloudlinux
cloudlinux
Fixed CVEs in openssl: CVE-2022-1292, CVE-2022-2068
2022-07-14 16:53:26
suse
suse
Security update for openssl-1_0_0 (moderate)
2022-07-07 00:00:00
Security update for openssl-1_1 (moderate)
2022-07-04 00:00:00
Security update for openssl-1_1 (moderate)
2022-09-01 00:00:00
debiancve
debiancve
CVE-2022-2068
2022-06-21 15:15:00
CVE-2022-1292
2022-05-03 16:15:00
cvelist
cvelist
CVE-2022-2068 The c_rehash script allows command injection
2022-06-21 00:00:00
redhatcve
redhatcve
CVE-2022-2068
2022-06-22 06:36:12
prion
prion
Command injection
2022-06-21 15:15:00
osv
osv
CVE-2022-2068
2022-06-21 15:15:09
Moderate: openssl security update
2022-08-03 00:00:00
Moderate: openssl security update
2022-08-02 07:00:02
f5
f5
K21600298 : OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068
2022-08-05 00:00:00
cve
cve
CVE-2022-2068
2022-06-21 15:15:00
broadcom
broadcom
openssl
openssl
Vulnerability in OpenSSL CVE-2022-2068
2022-06-21 00:00:00
ibm
ibm
aix
aix
AIX is vulnerable to arbitrary command execution due to OpenSSL
2022-08-17 16:39:03
oraclelinux
oraclelinux
openssl security update
2022-08-02 00:00:00
openssl security update
2022-08-05 00:00:00
openssl security and bug fix update
2022-08-30 00:00:00
almalinux
almalinux
Moderate: openssl security update
2022-08-03 00:00:00
Moderate: openssl security and bug fix update
2022-08-30 00:00:00
rocky
rocky
openssl security update
2022-08-02 07:00:02
openssl security and bug fix update
2023-01-26 21:50:01
ubuntu
ubuntu
Node.js vulnerabilities
2023-10-30 00:00:00
OpenSSL vulnerability
2022-06-21 00:00:00
OpenSSL vulnerability
2022-07-06 00:00:00
debian
debian
[SECURITY] [DSA 5169-1] openssl security update
2022-06-26 18:27:15
ics
ics
Mitsubishi Electric GT SoftGOT2000
2022-11-15 12:00:00
cloudfoundry
cloudfoundry
USN-5488-1: OpenSSL vulnerability | Cloud Foundry
2022-07-28 00:00:00
nodejsblog
nodejsblog
OpenSSL update assessment, and Node.js project plans
2022-06-21 00:00:00
OpenSSL update assessment, and Node.js project plans
2022-06-21 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerability
2022-07-01 00:31:09
cbl_mariner
cbl_mariner
CVE-2022-2068 affecting package openssl 1.1.1k-16
2022-07-14 20:59:56
CVE-2022-2068 affecting package openssl for versions less than 1.1.1k-17
2022-07-01 21:02:21
CVE-2022-1292 affecting package openssl 1.1.1k-9
2022-05-26 19:04:39
freebsd
freebsd
OpenSSL -- Command injection vulnerability
2022-06-21 00:00:00
veracode
veracode
Command Injection
2022-06-22 12:42:34
OS Command Injection
2022-05-11 10:47:23
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0408
2022-06-22 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: openssl1.1-1.1.1p-1.fc36
2022-07-06 01:38:37
[SECURITY] Fedora 36 Update: openssl1.1-1.1.1o-1.fc36
2022-06-23 00:41:52
[SECURITY] Fedora 35 Update: openssl-1.1.1o-1.fc35
2022-06-29 01:50:51
githubexploit
githubexploit
Exploit for OS Command Injection in Openssl
2022-09-13 22:01:05
Exploit for OS Command Injection in Openssl
2022-05-30 16:59:54