
Slackware: 2022-174-01 Moderate Shell Injection Fix for OpenSSL

June 23, 2022
Recent updates to OpenSSL address a critical shell injection vulnerability affecting various Slackware releases, spanning from 14.0 to 15.0.
New openssl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue.

Summary

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/openssl-1.1.1p-i586-1_slack15.0.txz: Upgraded.
  In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell.
  For more information, see:
    https://openssl-library.org/news/secadv/20220621.txt
    https://www.cve.org/CVERecord?id=CVE-2022-2068
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1p-i586-1_slack15.0.txz: Upgraded.
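A defensive check that follows from the ChangeLog text above, as an added example that is not part of the advisory or of OpenSSL: a POSIX shell audit that flags file names in a certificate directory containing characters outside a conservative allowlist, so they can be reviewed before c_rehash is run over that directory. The function names and the allowlist are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a certificate directory for
# file names that a script could mishandle if it passed them through a shell.
# Byte-wise matching so the A-Z / a-z ranges mean exactly ASCII letters.
LC_ALL=C
export LC_ALL

# is_risky_name NAME -> exit status 0 if NAME should be reviewed.
# Assumed allowlist: ASCII letters, digits, dot, underscore, hyphen.
is_risky_name() {
    case "$1" in
        *[!A-Za-z0-9._-]*) return 0 ;;  # metacharacter, space, control byte...
        -*) return 0 ;;                 # leading dash can be read as an option
        *) return 1 ;;
    esac
}

# audit_cert_dir DIR -> prints the number of risky names on stdout and one
# "REVIEW:" line per risky entry on stderr (non-printable bytes shown as '?').
audit_cert_dir() {
    dir=$1
    risky=0
    for path in "$dir"/* "$dir"/.[!.]*; do
        # Skip unmatched glob patterns; keep dangling symlinks.
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        if is_risky_name "$name"; then
            printf 'REVIEW: %s\n' "$path" | sed 's/[^[:print:]]/?/g' >&2
            risky=$((risky + 1))
        fi
    done
    printf '%s\n' "$risky"
}

# Stand-alone use: sh audit.sh /path/to/cert/dir
if [ "$#" -gt 0 ]; then
    count=$(audit_cert_dir "$1")
    echo "$count name(s) need review in $1"
fi
```

A flagged name is not necessarily malicious (a space is flagged too); the count only tells you which entries to inspect or rename before any tooling processes the directory.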

Where to Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solib...


MD5 Signatures


Severity
important


Installation Instructions

Upgrade the packages as root:

# upgradepkg openssl-1.1.1p-i586-1_slack15.0.txz openssl-solibs-1.1.1p-i586-1_slack15.0.txz
