[Bug 2122362] New: CVE-2020-35535 LibRaw: Out-of-bounds read in LibRaw::parseSonySRF() function
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
Bug ID: 2122362
Summary: CVE-2020-35535 LibRaw: Out-of-bounds read in
LibRaw::parseSonySRF() function
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: dchen(a)redhat.com, debarshir(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
gwync(a)protonmail.com, hobbes1069(a)gmail.com,
jridky(a)redhat.com, manisandro(a)gmail.com,
mattdm(a)redhat.com, mattia.verga(a)proton.me,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
nphilipp(a)redhat.com, sebastian(a)sdziallas.com,
sergio(a)serjux.com, siddharth.kde(a)gmail.com,
sipoyare(a)redhat.com, thibault(a)north.li
Target Milestone: ---
Classification: Other
In LibRaw, there is an out-of-bounds read vulnerability within the
"LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when
processing srf files.
Upstream issue:
https://github.com/LibRaw/LibRaw/issues/283
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2122362
[Bug 2122360] New: CVE-2020-35534 LibRaw: Memory corruption in "crxFreeSubbandData()" function
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2122360
Bug ID: 2122360
Summary: CVE-2020-35534 LibRaw: Memory corruption in
"crxFreeSubbandData()" function
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: dchen(a)redhat.com, debarshir(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
gwync(a)protonmail.com, hobbes1069(a)gmail.com,
jridky(a)redhat.com, manisandro(a)gmail.com,
mattdm(a)redhat.com, mattia.verga(a)proton.me,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
nphilipp(a)redhat.com, sebastian(a)sdziallas.com,
sergio(a)serjux.com, siddharth.kde(a)gmail.com,
sipoyare(a)redhat.com, thibault(a)north.li
Target Milestone: ---
Classification: Other
In LibRaw, there is a memory corruption vulnerability within the
"crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing
cr3 files.
Upstream issue:
https://github.com/LibRaw/LibRaw/issues/279
[Bug 2122159] New: xmlstarlet missing in EPEL8
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2122159
Bug ID: 2122159
Summary: xmlstarlet missing in EPEL8
Product: Fedora EPEL
Version: epel8
Hardware: All
OS: Linux
Status: NEW
Component: xmlstarlet
Severity: high
Assignee: stickster(a)gmail.com
Reporter: vashastr(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: adeza(a)redhat.com, bhubbard(a)redhat.com,
daltonminer(a)gmail.com, dcavalca(a)fb.com,
epel-packagers-sig(a)lists.fedoraproject.org,
extras-qa(a)fedoraproject.org,
ghenadii.batalski(a)conitas.de,
guenther.reim(a)allianz.at, michel(a)michel-slm.name,
ngompa13(a)gmail.com, olivier.lahaye1(a)free.fr,
skimeer(a)gmail.com, stickster(a)gmail.com
Depends On: 1757000
Target Milestone: ---
Classification: Fedora
+++ This bug was initially created as a clone of Bug #1757000 +++
Description of problem:
xmlstarlet is missing in EPEL8
As there is no alternative to this tool (validate or query xml files from
cmdline), it's important to have it on EPEL-8
--- Additional comment from Alfredo Deza on 2019-10-18 19:26:22 UTC ---
The Ceph project depends on this missing package for builds, we've had to
install it directly from the commandline (!) as a workaround. Any progress on
this would be greatly appreciated.
--- Additional comment from Fedora Update System on 2019-11-09 20:02:11 UTC ---
FEDORA-EPEL-2019-3b10f1dd23 has been submitted as an update to Fedora EPEL 8.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-3b10f1dd23
--- Additional comment from Paul W. Frields on 2019-11-09 20:02:59 UTC ---
@Brad, @Alfredo -- if you'd like to see this available sooner, please encourage
people to test the update from the link above.
--- Additional comment from Brad Hubbard on 2019-11-10 00:06:58 UTC ---
(In reply to Paul W. Frields from comment #3)
> @Brad, @Alfredo -- if you'd like to see this available sooner, please
> encourage people to test the update from the link above.
ACK. Thanks Paul.
--- Additional comment from Fedora Update System on 2019-11-11 03:15:37 UTC ---
xmlstarlet-1.6.1-11.el8 has been pushed to the Fedora EPEL 8 testing
repository. If problems still persist, please make note of it in this bug
report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-3b10f1dd23
--- Additional comment from Gena on 2019-11-15 14:43:41 UTC ---
Could you please provide this package in a UBI8 repo? We now use the keycloak
image based on ubi8 and need to adapt the xml configuration on image build.
Thank you and kind regards, Gena
--- Additional comment from Paul W. Frields on 2019-11-15 17:44:58 UTC ---
@Gena: Is there a reason a package in the EPEL 8 repository won't work for this
purpose?
--- Additional comment from Gena on 2019-11-19 08:01:54 UTC ---
(In reply to Paul W. Frields from comment #7)
> @Gena: Is there a reason a package in the EPEL 8 repository won't work for
> this purpose?
Maybe, but I only have 2 repositories available:
sh-4.4# dnf repolist
repo id repo name
ubi-8-appstream Red Hat Universal Base Image 8 (RPMs) - AppStream
ubi-8-baseos Red Hat Universal Base Image 8 (RPMs) - BaseOS
EPEL is not listed there
--- Additional comment from Fedora Update System on 2019-11-27 01:03:39 UTC ---
xmlstarlet-1.6.1-11.el8 has been pushed to the Fedora EPEL 8 stable repository.
If problems still persist, please make note of it in this bug report.
--- Additional comment from Paul W. Frields on 2019-12-03 01:41:32 UTC ---
Please refer to the UBI FAQ for info:
https://developers.redhat.com/articles/ubi-faq/#community
--- Additional comment from Gena on 2019-12-05 09:10:00 UTC ---
(In reply to Paul W. Frields from comment #10)
> Please refer to the UBI FAQ for info:
> https://developers.redhat.com/articles/ubi-faq/#community
Thank you for the hint, but it says nothing about how to use the UBI8 image
outside the playground: I prefer to install my packages from approved repos.
The simple enablement of EPEL via microdnf is not described. The only library
to work with xml from the console is xmlstarlet, so, in my opinion, it
should be put into the default repo just like it's done by alpine, debian,
ubuntu...
--- Additional comment from Paul W. Frields on 2019-12-06 16:28:23 UTC ---
To enable EPEL on UBI Standard or Multi-service, simply use the instructions at
https://fedoraproject.org/wiki/EPEL and you can `yum install xmlstarlet`.
To enable with microdnf, you must create a suitable .repo file in your UBI
environment. At a minimum:
[epel]
name=EPEL 8
baseurl=https://download.fedoraproject.org/pub/epel/8/Everything/x86_64
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
And grab the GPG key from the epel-release source repo:
$ curl -o /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 https://src.fedoraproject.org/rpms/epel-release/raw/epel8/f/RPM-GPG-KEY-E...
You can then `microdnf install xmlstarlet`.
--- Additional comment from Shailesh on 2022-08-29 08:12:22 UTC ---
We are facing an issue again with rockylinux:8.6 container image.
Steps followed are as below -
1. Create a container from rockylinux:8.6
[root@ssc-vm-rhev4-0707 ~]# docker run --rm -it rockylinux:8.6
2. Enable powertools and install epel-release package
[root@acb8441a9bb1 /]# dnf install dnf-plugin-config-manager -y ;dnf config-manager --set-enabled powertools
Rocky Linux 8 - AppStream                        9.2 MB/s | 9.6 MB     00:01
Rocky Linux 8 - BaseOS                           4.1 MB/s | 6.7 MB     00:01
Rocky Linux 8 - Extras                            28 kB/s |  11 kB     00:00
Dependencies resolved.
================================================================================
Package                    Architecture  Version         Repository  Size
================================================================================
Installing:
dnf-plugins-core           noarch        4.0.21-11.el8   baseos       70 k
Installing dependencies:
dbus-glib                  x86_64        0.110-2.el8     baseos      126 k
python3-dateutil           noarch        1:2.6.1-6.el8   baseos      250 k
python3-dbus               x86_64        1.2.4-15.el8    baseos      133 k
python3-dnf-plugins-core   noarch        4.0.21-11.el8   baseos      239 k
python3-six                noarch        1.11.0-8.el8    baseos       37 k
Transaction Summary
================================================================================
Install 6 Packages
Total download size: 854 k
Installed size: 2.3 M
Downloading Packages:
(1/6): dnf-plugins-core-4.0.21-11.el8.noarch.rpm          268 kB/s |  70 kB     00:00
(2/6): dbus-glib-0.110-2.el8.x86_64.rpm                   430 kB/s | 126 kB     00:00
(3/6): python3-dbus-1.2.4-15.el8.x86_64.rpm               1.2 MB/s | 133 kB     00:00
(4/6): python3-dateutil-2.6.1-6.el8.noarch.rpm            656 kB/s | 250 kB     00:00
(5/6): python3-dnf-plugins-core-4.0.21-11.el8.noarch.rpm  2.0 MB/s | 239 kB     00:00
(6/6): python3-six-1.11.0-8.el8.noarch.rpm                690 kB/s |  37 kB     00:00
--------------------------------------------------------------------------------
Total                                                     1.5 MB/s | 854 kB     00:00
Rocky Linux 8 - BaseOS                                    1.6 MB/s | 1.6 kB     00:00
Importing GPG key 0x6D745A60:
Userid : "Release Engineering <infrastructure(a)rockylinux.org>"
Fingerprint: 7051 C470 A929 F454 CEBE 37B7 15AF 5DAC 6D74 5A60
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing        :                                                1/1
Installing       : python3-six-1.11.0-8.el8.noarch                1/6
Installing       : python3-dateutil-1:2.6.1-6.el8.noarch          2/6
Installing       : dbus-glib-0.110-2.el8.x86_64                   3/6
Running scriptlet: dbus-glib-0.110-2.el8.x86_64                   3/6
Installing       : python3-dbus-1.2.4-15.el8.x86_64               4/6
Installing       : python3-dnf-plugins-core-4.0.21-11.el8.noarch  5/6
Installing       : dnf-plugins-core-4.0.21-11.el8.noarch          6/6
Running scriptlet: dnf-plugins-core-4.0.21-11.el8.noarch          6/6
Verifying        : dbus-glib-0.110-2.el8.x86_64                   1/6
Verifying        : dnf-plugins-core-4.0.21-11.el8.noarch          2/6
Verifying        : python3-dateutil-1:2.6.1-6.el8.noarch          3/6
Verifying        : python3-dbus-1.2.4-15.el8.x86_64               4/6
Verifying        : python3-dnf-plugins-core-4.0.21-11.el8.noarch  5/6
Verifying        : python3-six-1.11.0-8.el8.noarch                6/6
Installed:
dbus-glib-0.110-2.el8.x86_64
dnf-plugins-core-4.0.21-11.el8.noarch
python3-dateutil-1:2.6.1-6.el8.noarch
python3-dbus-1.2.4-15.el8.x86_64
python3-dnf-plugins-core-4.0.21-11.el8.noarch
python3-six-1.11.0-8.el8.noarch
Complete!
[root@acb8441a9bb1 /]# yum install epel-release -y
Rocky Linux 8 - PowerTools                       1.5 MB/s | 2.4 MB     00:01
Last metadata expiration check: 0:00:02 ago on Mon Aug 29 07:59:48 2022.
Dependencies resolved.
================================================================================
Package                    Architecture  Version         Repository  Size
================================================================================
Installing:
epel-release               noarch        8-17.el8        extras       24 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 24 k
Installed size: 34 k
Downloading Packages:
epel-release-8-17.el8.noarch.rpm                 216 kB/s |  24 kB     00:00
--------------------------------------------------------------------------------
Total                                            119 kB/s |  24 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing        :                                 1/1
Installing       : epel-release-8-17.el8.noarch    1/1
Running scriptlet: epel-release-8-17.el8.noarch    1/1
Many EPEL packages require the CodeReady Builder (CRB) repository.
It is recommended that you run /usr/bin/crb enable to enable the CRB
repository.
Verifying        : epel-release-8-17.el8.noarch    1/1
Installed:
epel-release-8-17.el8.noarch
Complete!
[root@acb8441a9bb1 /]#
3. Test installation of xmlstarlet
[root@acb8441a9bb1 /]# yum list xmlstarlet
Extra Packages for Enterprise Linux 8 - x86_64            2.4 MB/s |  13 MB     00:05
Extra Packages for Enterprise Linux Modular 8 - x86_64    340 kB/s | 734 kB     00:02
Last metadata expiration check: 0:00:01 ago on Mon Aug 29 08:01:40 2022.
Error: No matching Packages to list
[root@acb8441a9bb1 /]#
--- Additional comment from Guenther on 2022-08-29 11:00:42 UTC ---
I'm facing the same issue.
Seems that xmlstarlet is no longer available in epel... can't find it here:
https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/x/
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1757000
[Bug 1757000] xmlstarlet missing in EPEL8
[Bug 2067022] New: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2067022
Bug ID: 2067022
Summary: ImageMagick: heap-buffer-overflow in PushShortPixel of
quantum-private.h
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: trathi(a)redhat.com
CC: blaise(a)gmail.com, dcavalca(a)fb.com,
epel-packagers-sig(a)lists.fedoraproject.org,
fedora(a)famillecollet.com, jhorak(a)redhat.com,
luya_tfz(a)thefinalzone.net, michel(a)michel-slm.name,
ngompa13(a)gmail.com, pampelmuse(a)gmx.at,
sergio(a)serjux.com, troy(a)troycurtisjr.com
Target Milestone: ---
Classification: Other
A heap-buffer-overflow flaw was found in PushShortPixel function of
quantum-private.h
References:
https://github.com/ImageMagick/ImageMagick/issues/4974
[Bug 2105033] New: CVE-2022-2097 openssl3: openssl: AES OCB fails to encrypt some bytes [epel-8]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2105033
Bug ID: 2105033
Summary: CVE-2022-2097 openssl3: openssl: AES OCB fails to
encrypt some bytes [epel-8]
Product: Fedora EPEL
Version: epel8
Status: NEW
Component: openssl3
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: michel(a)michel-slm.name
Reporter: mcascell(a)redhat.com
CC: epel-packagers-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-8.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[Bug 2099970] New: CVE-2022-2068 openssl3: openssl: the c_rehash script allows command injection [epel-8]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2099970
Bug ID: 2099970
Summary: CVE-2022-2068 openssl3: openssl: the c_rehash script
allows command injection [epel-8]
Product: Fedora EPEL
Version: epel8
Status: NEW
Component: openssl3
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: michel(a)michel-slm.name
Reporter: mrehak(a)redhat.com
CC: epel-packagers-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-8.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.