Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5139-1] openssl security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5139-1] openssl security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5139-1] openssl security update
  • Date: Tue, 17 May 2022 19:10:59 +0000
  • List-archive: https://lists.debian.org/msgid-search/20220517191059.GB25883 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=qMFgaKa2qunR/EKJyI32Okuhc6YpvGwFXKmoeMdYb5M=; b=cQ wM7eTzx+k1SyNvk3APM9LQXg4aeKE3i7vVdzTWAQ8W7iVs44dEufdQdbycpX6Z2TMd/tAZciA+w2o zVhMHdDQ3fFn6AjdIF467WAwwnublHcjFG9i4Z6zlYgQlKFqtJe5pki/aEsP2bfRCejcBCjdXjj7H lGEAVNmXjrxVcik3x52WHi6tGofP+S1tXGbljPYDVcSRAb2ynyVEVfRZgnn/G+DarJB0UFEHTl9Zg UQDn4j+l658s6/Q6REcPGZRA/OzJPoDjCIZTDCvWnGX5C5v+Ho3k69CfM2J80rHDTHqr7xuIPvZn3 TL7sVGtL+3w3hALsyBdgZS8lQR6lsRoQ==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Tue, 17 May 2022 19:11:22 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <fg2x-fTK0TH.A.s0G.aN_giB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5139-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 17, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2022-1292

Elison Niven discovered that the c_rehash script included in OpenSSL did
not sanitise shell meta characters which could result in the execution
of arbitrary commands.

For the oldstable distribution (buster), this problem has been fixed
in version 1.1.1n-0+deb10u2.

For the stable distribution (bullseye), this problem has been fixed in
version 1.1.1n-0+deb11u2.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmKD8YIACgkQEMKTtsN8
Tjbf/Q/9EeIjNdesEYJjq1KlyR2YB1xrDqXu62JsgberEXwKjXj1qPLV8yfTqTDr
h9lq0Q7GTbE9cOREfD9A0iyY8I4bTPsHUtqQXmFJBcxYX+JBW7WFQrioXa14SWw9
XVBWjIg0JbCxR0paYjZs5PZ7pJGqkFfbf1atsVyjM+qfkUZ0N8G70qdhIdUA71dH
gCOPdG4NbbuQlEs+mSwjos4WlAtKw6E/OzY7wd/5DvLfQgRJNCHRKDBczzn60UPm
X2dOLOkNgZgH67cdHDnKwJGQ2XwQ0mjFmgsGuHe4KEh+ZOFDunCeeVaQP0sZuf0d
Hsduvqb3VAJcpbR6h+JvwTqgwDikvHk3mjbqOT38mRvzQuwiJq+vTyWJPrFqTjIL
lWuPmFGmQ3JrYwAs4/XtJGgDuDsmVFBesyWoHOsbORSvsdilc3PLDAAFln5Gq6Fc
u2v1IK4JHugncR137Vf9h3C+voG3d5VpGP27ffAH/BrfAZ3mfMDAV70fSDXWAGgw
M+zm0Cc+JdDNyS5jaM+hKuMl4SGf4xlGc8eabNGRvz9ONJ3Dve4sL93OlTrSMhMz
Sg3NcdX5RaZ030w8KH9yGhI9HZZaOaJ5a7TZ8+jYTF1mIza3N3X86Vk9dBBdWAv9
xIowwsw+u2Hv4lb1Lt+lDIHewG8dCmWVbv99AgBt7omXZz1REJs=
=8cyP
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5139-1] openssl security update, Moritz Muehlenhoff, 17.05.2022

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang