Lucene search

K
slackwareSlackware Linux ProjectSSA-2022-124-02
HistoryMay 04, 2022 - 9:32 p.m.

[slackware-security] openssl

2022-05-0421:32:34
Slackware Linux Project
www.slackware.com
31

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.097 Low

EPSS

Percentile

94.7%

New openssl packages are available for Slackware 14.2, 15.0, and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/openssl-1.1.1o-i586-1_slack15.0.txz: Upgraded.
Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection.
For more information, see:
https://vulners.com/cve/CVE-2022-1292
(* Security fix *)
patches/packages/openssl-solibs-1.1.1o-i586-1_slack15.0.txz: Upgraded.

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2u-i586-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2u-i586-3_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2u-x86_64-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2u-x86_64-3_slack14.2.txz

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-1.1.1o-i586-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-solibs-1.1.1o-i586-1_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-1.1.1o-x86_64-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-solibs-1.1.1o-x86_64-1_slack15.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1o-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1o-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1o-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1o-x86_64-1.txz

MD5 signatures:

Slackware 14.2 packages:
9152e3d7dc57a263630b86f74b2dcb91 openssl-1.0.2u-i586-3_slack14.2.txz
ff64c1be7a00a674e7b5e7daabdafb62 openssl-solibs-1.0.2u-i586-3_slack14.2.txz

Slackware x86_64 14.2 packages:
f00cdddf44ff89a9902d5ce698b96f9c openssl-1.0.2u-x86_64-3_slack14.2.txz
c99427cc179aeadd4a7c1f2517870404 openssl-solibs-1.0.2u-x86_64-3_slack14.2.txz

Slackware 15.0 packages:
251f23dfa198e5bfadd1d574fef23d69 openssl-1.1.1o-i586-1_slack15.0.txz
a8ac31ef7af72e7a769e72716b61fab8 openssl-solibs-1.1.1o-i586-1_slack15.0.txz

Slackware x86_64 15.0 packages:
ac4876a340d1b2955577e0cf38f08373 openssl-1.1.1o-x86_64-1_slack15.0.txz
8c356653b569136b28a78dbd1030af06 openssl-solibs-1.1.1o-x86_64-1_slack15.0.txz

Slackware -current packages:
5a1dfe896b159dea87cacc60a28ffd31 a/openssl-solibs-1.1.1o-i586-1.txz
26455879c333f25e50ff1367bf56ad11 n/openssl-1.1.1o-i586-1.txz

Slackware x86_64 -current packages:
0dc2e79b2d7e471eef4a79ac93aae505 a/openssl-solibs-1.1.1o-x86_64-1.txz
724e66c1980f5dfbd664401740e0d2f8 n/openssl-1.1.1o-x86_64-1.txz

Installation instructions:

Upgrade the packages as root:
> upgradepkg openssl-1.1.1o-i586-1_slack15.0.txz openssl-solibs-1.1.1o-i586-1_slack15.0.txz

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.097 Low

EPSS

Percentile

94.7%