Lucene search
AmazonALAS2-2022-1832HistoryJul 28, 2022 - 9:55 p.m.
Medium: openssl11
2022-07-2821:55:00
alas.aws.amazon.com
50
Issue Overview:
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script. (CVE-2022-2068)
Affected Packages:
openssl11
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update openssl11 to update your system.
New Packages:
aarch64:
openssl11-1.1.1g-12.amzn2.0.9.aarch64
openssl11-libs-1.1.1g-12.amzn2.0.9.aarch64
openssl11-devel-1.1.1g-12.amzn2.0.9.aarch64
openssl11-static-1.1.1g-12.amzn2.0.9.aarch64
openssl11-debuginfo-1.1.1g-12.amzn2.0.9.aarch64
i686:
openssl11-1.1.1g-12.amzn2.0.9.i686
openssl11-libs-1.1.1g-12.amzn2.0.9.i686
openssl11-devel-1.1.1g-12.amzn2.0.9.i686
openssl11-static-1.1.1g-12.amzn2.0.9.i686
openssl11-debuginfo-1.1.1g-12.amzn2.0.9.i686
src:
openssl11-1.1.1g-12.amzn2.0.9.src
x86_64:
openssl11-1.1.1g-12.amzn2.0.9.x86_64
openssl11-libs-1.1.1g-12.amzn2.0.9.x86_64
openssl11-devel-1.1.1g-12.amzn2.0.9.x86_64
openssl11-static-1.1.1g-12.amzn2.0.9.x86_64
openssl11-debuginfo-1.1.1g-12.amzn2.0.9.x86_64
Additional References
Red Hat: CVE-2022-2068
Mitre: CVE-2022-2068
Related
nessus
nessus
Amazon Linux 2 : openssl (ALAS-2022-1831)
2022-08-08 00:00:00
SUSE SLES12 Security Update : openssl (SUSE-SU-2022:2181-1)
2022-06-27 00:00:00
SUSE SLES15 Security Update : openssl (SUSE-SU-2022:2179-1)
2022-06-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1p-alt1
2022-06-22 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1p-alt1
2022-06-24 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1q-alt1
2022-07-08 00:00:00
broadcom
broadcom
openvas
openvas
openSUSE: Security Advisory for openssl (SUSE-SU-2022:2251-2)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2182-1)
2022-06-27 00:00:00
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-2446)
2022-10-10 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2022-2068
2022-06-21 00:00:00
amazon
amazon
Medium: openssl
2022-07-28 21:55:00
Medium: openssl
2022-07-28 20:38:00
Medium: openssl11
2022-07-06 03:14:00
redhat
redhat
(RHSA-2022:8913) Moderate: Red Hat JBoss Web Server 5.7.1 release and security update
2022-12-12 12:28:19
(RHSA-2022:8917) Moderate: Red Hat JBoss Web Server 5.7.1 release and security update
2022-12-12 12:20:51
(RHSA-2022:5818) Moderate: openssl security update
2022-08-02 07:00:02
suse
suse
Security update for openssl-1_0_0 (moderate)
2022-07-07 00:00:00
Security update for openssl-1_1 (moderate)
2022-07-04 00:00:00
Security update for openssl-1_1 (moderate)
2022-09-01 00:00:00
cvelist
cvelist
CVE-2022-2068 The c_rehash script allows command injection
2022-06-21 00:00:00
prion
prion
Command injection
2022-06-21 15:15:00
Command injection
2022-05-03 16:15:00
debiancve
debiancve
CVE-2022-2068
2022-06-21 15:15:00
redhatcve
redhatcve
CVE-2022-2068
2022-06-22 06:36:12
cloudlinux
cloudlinux
Fixed CVEs in openssl: CVE-2022-1292, CVE-2022-2068
2022-07-14 16:53:26
ubuntucve
ubuntucve
CVE-2022-2068
2022-06-21 00:00:00
CVE-2022-1292
2022-05-03 00:00:00
alpinelinux
alpinelinux
CVE-2022-2068
2022-06-21 15:15:00
slackware
slackware
[slackware-security] Slackware 14.2 openssl
2022-06-28 19:28:45
[slackware-security] openssl
2022-06-23 05:32:23
osv
osv
CVE-2022-2068
2022-06-21 15:15:09
Moderate: openssl security update
2022-08-03 00:00:00
Moderate: openssl security update
2022-08-02 07:00:02
f5
f5
K21600298 : OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068
2022-08-05 00:00:00
cve
cve
CVE-2022-2068
2022-06-21 15:15:00
CVE-2022-1292
2022-05-03 16:15:00
oraclelinux
oraclelinux
openssl security update
2022-08-05 00:00:00
openssl security update
2022-08-02 00:00:00
openssl security and bug fix update
2022-08-30 00:00:00
ibm
ibm
aix
aix
AIX is vulnerable to arbitrary command execution due to OpenSSL
2022-08-17 16:39:03
rocky
rocky
openssl security update
2022-08-02 07:00:02
openssl security and bug fix update
2023-01-26 21:50:01
almalinux
almalinux
Moderate: openssl security update
2022-08-03 00:00:00
ubuntu
ubuntu
Node.js vulnerabilities
2023-10-30 00:00:00
OpenSSL vulnerability
2022-07-06 00:00:00
OpenSSL vulnerability
2022-06-21 00:00:00
ics
ics
Mitsubishi Electric GT SoftGOT2000
2022-11-15 12:00:00
debian
debian
[SECURITY] [DSA 5169-1] openssl security update
2022-06-26 18:27:15
[SECURITY] [DSA 5139-1] openssl security update
2022-05-17 19:11:22
veracode
veracode
Command Injection
2022-06-22 12:42:34
OS Command Injection
2022-05-11 10:47:23
nodejsblog
nodejsblog
OpenSSL update assessment, and Node.js project plans
2022-06-21 00:00:00
OpenSSL update assessment, and Node.js project plans
2022-06-21 00:00:00
cloudfoundry
cloudfoundry
USN-5488-1: OpenSSL vulnerability | Cloud Foundry
2022-07-28 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerability
2022-07-01 00:31:09
freebsd
freebsd
OpenSSL -- Command injection vulnerability
2022-06-21 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-2068 affecting package openssl 1.1.1k-16
2022-07-14 20:59:56
CVE-2022-1292 affecting package openssl 1.1.1k-9
2022-05-26 19:04:39
CVE-2022-2068 affecting package openssl for versions less than 1.1.1k-17
2022-07-01 21:02:21
fedora
fedora
[SECURITY] Fedora 35 Update: openssl-1.1.1o-1.fc35
2022-06-29 01:50:51
[SECURITY] Fedora 36 Update: openssl1.1-1.1.1p-1.fc36
2022-07-06 01:38:37
githubexploit
githubexploit
Exploit for OS Command Injection in Openssl
2022-05-25 07:06:48
Exploit for OS Command Injection in Openssl
2022-09-01 07:00:00
Exploit for OS Command Injection in Openssl
2022-07-26 11:33:10
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0408
2022-06-22 00:00:00