Download
| Alert*
oval:org.secpod.oval:def:97656
[CLSA-2022:1657817606] Fixed CVEs in openssl: CVE-2022-1292, CVE-2022-2068 oval:org.secpod.oval:def:2600009 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:89047484 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . - CVE-2022-2068: Fixed more shell code injection issues in c_rehash oval:org.secpod.oval:def:89046392 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . oval:org.secpod.oval:def:89046393 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . oval:org.secpod.oval:def:4501072 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: c_rehash script allows command injection * openssl: the c_rehash script allows command injection * opens ... oval:org.secpod.oval:def:708554 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:99845 Oracle Solaris 11 - (CVE-2022-1292) oval:org.secpod.oval:def:2107702 Oracle Solaris 11 - ( CVE-2022-1292 ) oval:org.secpod.oval:def:89046425 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . - CVE-2022-2068: Fixed more shell code injection issues in c_rehash oval:org.secpod.oval:def:4501503 Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix: * golang: net/http, x/net/http2: rapid stream resets c ... oval:org.secpod.oval:def:80405 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1505987 [3.0.1-41.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-41] - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz#2115861 - Add FIPS indicator for HKDF Resolves: rhbz#2118388 [1:3.0.1-40] - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#21158 ... oval:org.secpod.oval:def:79848 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1702213 A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability. ... oval:org.secpod.oval:def:86652 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:507091 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: c_rehash script allows command injection * openssl: the c_rehash script allows command injection * opens ... oval:org.secpod.oval:def:507138 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: c_rehash script allows command injection * openssl: Signer certificate verification returns inaccurate re ... oval:org.secpod.oval:def:89046725 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . - CVE-2022-2068: Fixed more shell code injection issues in c_rehash oval:org.secpod.oval:def:89047815 This update for openssl-3 fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. - CVE-2022-1292: Properly sanitise shell metacharacters in c_rehash script. - CVE-2022-1343: Fixed incorrect signature verification in OCSP_basic_verify . - CVE-2022-2097: Fix ... oval:org.secpod.oval:def:89047650 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode . oval:org.secpod.oval:def:1505925 [1:1.1.1k-7] - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - Update expired certificates used in the testsuite Resolves: rhbz#2100554 - Fix CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz#2090371 - Fix CVE-2022-2068: th ... oval:org.secpod.oval:def:3300766 SUSE Security Update: Security update for openssl-3 oval:org.secpod.oval:def:1700930 The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the sc ... oval:org.secpod.oval:def:89046754 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . - CVE-2022-2068: Fixed more shell code injection issues in c_rehash oval:org.secpod.oval:def:1700934 The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the sc ... oval:org.secpod.oval:def:1505892 [1:1.1.1k-7] - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - Update expired certificates used in the testsuite Resolves: rhbz#2100554 - Fix CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz#2090371 - Fix CVE-2022-2068: th ... oval:org.secpod.oval:def:89949 The remote host is missing a patch 151913-21 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:3300531 SUSE Security Update: Security update for openssl-1_1 oval:org.secpod.oval:def:1601563 The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the sc ... oval:org.secpod.oval:def:3300755 SUSE Security Update: Security update for openssl-1_0_0 oval:org.secpod.oval:def:122518 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:2500721 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:19500080 The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a ba ... oval:org.secpod.oval:def:94969 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:607604 Elison Niven discovered that the c_rehash script included in OpenSSL did not sanitise shell meta characters which could result in the execution of arbitrary commands. oval:org.secpod.oval:def:2107235 Oracle Solaris 11 - ( CVE-2022-1292 ) oval:org.secpod.oval:def:89046409 This update for openssl fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . oval:org.secpod.oval:def:82253 The host is installed with Oracle MySQL Server through 5.7.38, 8.0.29 or OpenSSL 1.0.2 before 1.0.2ze, 1.1.1 before 1.1.1o or 3.0.0 before 3.0.3 and is prone to a command injection vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Packaging (OpenSS ... oval:org.secpod.oval:def:706449 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:88355 Elison Niven discovered that the c_rehash script included in OpenSSL did not sanitise shell meta characters which could result in the execution of arbitrary commands. oval:org.secpod.oval:def:89046407 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . oval:org.secpod.oval:def:122504 The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases. oval:org.secpod.oval:def:89954 The remote host is missing a patch 151912-22 containing a security fix. For more information please visit the reference link. |