Slackware 14.2: SSA:2022-179-03 Critical OpenSSL Command Injection

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openssl-1.0.2u-i586-4_slack14.2.txz: Rebuilt. We're sending out the Slackware 14.2 updates again because the package build number wasn't incremented which caused slackpkg to not pick up the updates. It's been bumped and the packages rebuilt - otherwise there are no new changes. Thanks to John Jenkins for the report. For reference, here's the information from the previous advisory: In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. For more information, see: