it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5169-1] openssl security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5169-1] openssl security update
Date: Sun, 26 Jun 2022 18:26:57 +0000
Authentication-results: mail.piratenpartei.de; dkim=none; dmarc=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"
List-archive: https://lists.debian.org/msgid-search/20220626182657.GA28894 AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=5Rw14TAtuYEnw7ncCZKY7uCfJJwwblRS3gWCU1GUxc0=; b=PX cZjooum88+823L63505rvCIuNXya0c3QrXjYrCZj68wvpOQLSqm2S92IPh/mcwuDn4i0IOD6oMx3I Cf5mZNLaSAwA3bPUk9TCveKOcw4GaXFFFBd4unt/wDBwpFNxJrpu83Pw+blIKiWupWvLJrbWwDahg 2T4GeK+qpN0R56neBk+8ESJPWRnJpzjCy8dtq72SF3uYwGUAa8MUz0d+ezdM6dY9S5DGpk+CUnL4T 4pCWOM/RYkO5Jh6NnvVPgjnDnkPu8m81Aood2QaoR/qZU5X1WFETih+MWROnMZTj7YR5ElFNuS0Cv ZRDU+Q8BAjnf+YUQdIETtxnb/bQ21sRQ==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Sun, 26 Jun 2022 18:27:15 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <mrC9imTTZeK.A.28F.DUKuiB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5169-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 26, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2022-2068

It was discovered that the c_rehash script included in OpenSSL did not
sanitise shell meta characters which could result in the execution of
arbitrary commands.

For the oldstable distribution (buster), this problem has been fixed
in version 1.1.1n-0+deb10u3.

For the stable distribution (bullseye), this problem has been fixed in
version 1.1.1n-0+deb11u3.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmK4pF0ACgkQEMKTtsN8
TjYP5g//SyfB1W/vUNmgeSp2kKu3vt9CPwoXMK8nhTcA7iYhkxIJTFxAWDpn+4S7
W4kYyxMRFSIHKv4FLiLgi/Vzn4g1kB1UvKv05CFhEJqpWMyyRj6FdmebLlkLG0eE
IGsZoQl9be+lRJ+E4oMMkrRkbJV5II7s69vdxFDh4893Ndx05GWWvXT5Doc5gFMi
NoNabBH47GFU6aGDwVJU+xooBT6s4QMOrgVKYbxhM5PO98HQzk0zv0Z6YRx7FzKD
hYMN/t6A8qj4zMQqJqM+44q9zpDryyolGLewvgOit1HFFnLlBf4wsdBvE7AGhvGs
Lam5OXLhlwlQT6gBNd4XFAShdEZGLVF2DCgKzMh5cG5r2W10ewfHHyOR4CnkMQQP
ePA8YvhVwSH3I5jOTS75A18LXpoRJKRXQuQ7v9di2C8qRZ0qnM95h0KzH9/UKyUc
TmF09MTKWoFCkCtyzucdPnoyUPhdScJc08jcGJ37MCb8uKI4F5jVImLnHC6qS6Oc
Gab3OPIDzS8I1rro0J1k8RJE1E8XvfCxgVAOoebn0mst8qT+38hqsTFykG+uq3dN
sfhwI+E8iOeVOapyDVzxz8DfIkyBdnFsM4cg9VxDPOOllN+BknySqvzxu+aYpMFz
K/D6g421XIIXPXD+sP/w1ENPV7LFobRR7KXUWvjS5l/Ir8dhPdQ=
=tiWq
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5169-1] openssl security update, Moritz Muehlenhoff, 26.06.2022

Archiv bereitgestellt durch MHonArc 2.6.24.