Alerts This Week
Warning Icon 1 914
Alerts This Week
Warning Icon 1 914

SUSE: 2022:2401-3 Critical: OpenSSL-3 Stack Overflow Vulnerability

suse
Calendar Grey July 6, 2022
Dist Suse Esm H88
SUSE has released a significant update for openssl-3 which tackles a range of security concerns, addressing a total of six vulnerabilities.
An update that solves 6 vulnerabilities and has one errata is now available

Summary

This update for openssl-3 fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-1292: Properly sanitise shell metacharacters in c_rehash script. (bsc#1199166) - CVE-2022-1343: Fixed incorrect signature verification in OCSP_basic_verify (bsc#1199167). - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). - CVE-2022-1434: Fixed incorrect MAC key used in the RC4-MD5 ciphersuite (bsc#1199168). - CVE-2022-1473: Fixed resource leakage when decoding certificates and keys (bsc#1199169). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

Topics%20covered

Topics Covered

security advisory high severity buffer overflow important SUSE shell code injection openssl-3

References

#1185637 #1199166 #1199167 #1199168 #1199169

#1200550 #1201099

Cross- CVE-2022-1292 CVE-2022-1343 CVE-2022-1434

CVE-2022-1473 CVE-2022-2068 CVE-2022-2097

CVSS scores:

CVE-2022-1292 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1343 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2022-1343 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

CVE-2022-1434 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2022-1434 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-1473 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-1473 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:2306-1
Rating: important

Topics%20covered

Topics Covered

security advisory high severity buffer overflow important SUSE shell code injection openssl-3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here