Download
| Alert*
oval:org.secpod.oval:def:707157
openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash or run programs when the c_rehash script is used. oval:org.secpod.oval:def:1701785 A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically ... oval:org.secpod.oval:def:89046431 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash oval:org.secpod.oval:def:89046430 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash oval:org.secpod.oval:def:86476 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash or run programs when the c_rehash script is used. oval:org.secpod.oval:def:123046 The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases. oval:org.secpod.oval:def:86398 It was discovered that the c_rehash script included in OpenSSL did not sanitise shell meta characters which could result in the execution of arbitrary commands. oval:org.secpod.oval:def:1601564 A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically ... oval:org.secpod.oval:def:89046428 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash oval:org.secpod.oval:def:89046746 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode oval:org.secpod.oval:def:1700992 A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically ... oval:org.secpod.oval:def:81884 A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically e ... oval:org.secpod.oval:def:1700991 A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically ... oval:org.secpod.oval:def:608605 It was discovered that the c_rehash script included in OpenSSL did not sanitise shell meta characters which could result in the execution of arbitrary commands. oval:org.secpod.oval:def:81756 The host is installed with OpenSSL 1.0.2 through 1.0.2ze, 1.1.1 through 1.1.1o or 3.0.0 through 3.0.3 and is prone to a c_rehash script command injection vulnerability. A flaw is present in the c_rehash script which fails to properly sanitise shell metacharacters. Successful exploitation could allow ... oval:org.secpod.oval:def:123631 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:3300766 SUSE Security Update: Security update for openssl-3 oval:org.secpod.oval:def:97656 [CLSA-2022:1657817606] Fixed CVEs in openssl: CVE-2022-1292, CVE-2022-2068 oval:org.secpod.oval:def:89046754 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . - CVE-2022-2068: Fixed more shell code injection issues in c_rehash oval:org.secpod.oval:def:1505892 [1:1.1.1k-7] - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - Update expired certificates used in the testsuite Resolves: rhbz#2100554 - Fix CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz#2090371 - Fix CVE-2022-2068: th ... oval:org.secpod.oval:def:89949 The remote host is missing a patch 151913-21 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:3300531 SUSE Security Update: Security update for openssl-1_1 oval:org.secpod.oval:def:2600009 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:89047484 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . - CVE-2022-2068: Fixed more shell code injection issues in c_rehash oval:org.secpod.oval:def:4501072 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: c_rehash script allows command injection * openssl: the c_rehash script allows command injection * opens ... oval:org.secpod.oval:def:3300755 SUSE Security Update: Security update for openssl-1_0_0 oval:org.secpod.oval:def:2107702 Oracle Solaris 11 - ( CVE-2022-1292 ) oval:org.secpod.oval:def:89046425 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . - CVE-2022-2068: Fixed more shell code injection issues in c_rehash oval:org.secpod.oval:def:4501503 Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix: * golang: net/http, x/net/http2: rapid stream resets c ... oval:org.secpod.oval:def:2500721 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:1505987 [3.0.1-41.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-41] - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz#2115861 - Add FIPS indicator for HKDF Resolves: rhbz#2118388 [1:3.0.1-40] - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#21158 ... oval:org.secpod.oval:def:86652 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:507091 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: c_rehash script allows command injection * openssl: the c_rehash script allows command injection * opens ... oval:org.secpod.oval:def:507138 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: c_rehash script allows command injection * openssl: Signer certificate verification returns inaccurate re ... oval:org.secpod.oval:def:89046725 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . - CVE-2022-2068: Fixed more shell code injection issues in c_rehash oval:org.secpod.oval:def:89047815 This update for openssl-3 fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. - CVE-2022-1292: Properly sanitise shell metacharacters in c_rehash script. - CVE-2022-1343: Fixed incorrect signature verification in OCSP_basic_verify . - CVE-2022-2097: Fix ... oval:org.secpod.oval:def:89047650 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode . oval:org.secpod.oval:def:1505925 [1:1.1.1k-7] - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - Update expired certificates used in the testsuite Resolves: rhbz#2100554 - Fix CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz#2090371 - Fix CVE-2022-2068: th ... oval:org.secpod.oval:def:89954 The remote host is missing a patch 151912-22 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:708554 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:94969 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:19500080 The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a ba ... oval:org.secpod.oval:def:1702213 A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability. ... |