JLSEC-2026-229 In addition to the c_rehash shell command injection identified in CVE-2022-1292, further...

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

Astra Linux - уязвимость в openssl

In addition to the crehash shell command injection identified in CVE-2022-1292, further instances where the crehash script fails to properly sanitize shell metacharacters to prevent command injection were discovered during code reviews. When CVE-2022-1292 was fixed, it wasn’t recognized that ther...

Vulnerabilities fixed in OpenSSL

Two vulnerabilities have been fixed in OpenSSL. A malicious party could potentially exploit the vulnerability with reference CVE-2021-3449 potentially exploit it to cause a denial-of-service. To do this requires sending a specially prepared "renegotiation ClientHello" message needs to be sent fro...

openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...