4:53 p.m.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Bug ID: 2081494
Summary: CVE-2022-1292 openssl: c_rehash script allows command
injection
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: pdelbell(a)redhat.com
CC: aos-bugs(a)redhat.com, asoldano(a)redhat.com,
bbaranow(a)redhat.com, bdettelb(a)redhat.com,
berrange(a)redhat.com, bmaxwell(a)redhat.com,
bootloader-eng-team(a)redhat.com,
brian.stansberry(a)redhat.com, caswilli(a)redhat.com,
cdewolf(a)redhat.com, cfergeau(a)redhat.com,
chazlett(a)redhat.com, crobinso(a)redhat.com,
crypto-team(a)lists.fedoraproject.org,
csutherl(a)redhat.com, darran.lofthouse(a)redhat.com,
dbelyavs(a)redhat.com, ddepaula(a)redhat.com,
dhalasz(a)redhat.com, dkreling(a)redhat.com,
dkuc(a)redhat.com, dosoudil(a)redhat.com,
dueno(a)redhat.com, elima(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
erik-fedora(a)vanpienbroek.nl, f4bug(a)amsat.org,
fjansen(a)redhat.com, fjuma(a)redhat.com,
fmartine(a)redhat.com, gparvin(a)redhat.com,
gzaronik(a)redhat.com, iweiss(a)redhat.com,
jburrell(a)redhat.com, jclere(a)redhat.com,
jferlan(a)redhat.com, jkoehler(a)redhat.com,
jochrist(a)redhat.com, jramanat(a)redhat.com,
jwong(a)redhat.com, jwon(a)redhat.com, kaycoth(a)redhat.com,
krathod(a)redhat.com, kraxel(a)redhat.com,
ktietz(a)redhat.com, lgao(a)redhat.com,
marcandre.lureau(a)redhat.com,
michal.skrivanek(a)redhat.com, michel(a)michel-slm.name,
micjohns(a)redhat.com, mjg59(a)srcf.ucam.org,
mosmerov(a)redhat.com, mperina(a)redhat.com,
msochure(a)redhat.com, mspacek(a)redhat.com,
msvehla(a)redhat.com, mturk(a)redhat.com,
njean(a)redhat.com, nwallace(a)redhat.com,
pahickey(a)redhat.com, pbonzini(a)redhat.com,
pjindal(a)redhat.com, pjones(a)redhat.com,
pmackay(a)redhat.com, redhat-bugzilla(a)linuxnetz.de,
rfreiman(a)redhat.com, rharwood(a)redhat.com,
rh-spice-bugs(a)redhat.com, rjones(a)redhat.com,
rstancel(a)redhat.com, rsvoboda(a)redhat.com,
sahana(a)redhat.com, sbonazzo(a)redhat.com,
smaestri(a)redhat.com, stcannon(a)redhat.com,
sthirugn(a)redhat.com, szappis(a)redhat.com,
tmeszaro(a)redhat.com, tm(a)t8m.info,
tom.jenkinson(a)redhat.com,
virt-maint(a)lists.fedoraproject.org,
virt-maint(a)redhat.com, vkrizan(a)redhat.com,
vkumar(a)redhat.com, vmugicag(a)redhat.com
Target Milestone: ---
Classification: Other
The c_rehash script does not properly sanitise shell metacharacters to
prevent command injection. This script is distributed by some operating
systems in a manner where it is automatically executed. On such operating
systems, an attacker could execute arbitrary commands with the privileges
of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.
OpenSSL 1.0.2 users should upgrade to 1.0.2ze
OpenSSL 1.1.1 users should upgrade to 1.1.1o
OpenSSL 3.0 users should upgrade to 3.0.3
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
4:54 p.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Patrick Del Bello <pdelbell(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2081495
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
1:21 p.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Borja Tarraso <btarraso(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |2081827
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
10:33 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Mauro Matteo Cascella <mcascell(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |2090361, 2090362
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
10:48 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Mauro Matteo Cascella <mcascell(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |2090372, 2090371
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
10:49 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
--- Comment #5 from Mauro Matteo Cascella <mcascell(a)redhat.com> ---
Upstream fix:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7c33270707b568c5...
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
11:15 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
amctagga(a)redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |2090388, 2090386
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
11:35 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Mauro Matteo Cascella <mcascell(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Comment|5 |updated
--- Comment #5 has been edited ---
OpenSSL Security Advisory:
https://www.openssl.org/news/secadv/20220503.txt
Upstream fix:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7c33270707b568c5...
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
11:32 p.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
TEJ RATHI <trathi(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |2090566
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
10:38 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Mauro Matteo Cascella <mcascell(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |2095800, 2095801, 2095798,
| |2095799, 2095802
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
11:05 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Mauro Matteo Cascella <mcascell(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |2095812, 2095818, 2095816,
| |2095814, 2095817, 2095815,
| |2095813
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2095812
[Bug 2095812] CVE-2022-1292 openssl: c_rehash script allows command injection
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2095813
[Bug 2095813] CVE-2022-1292 openssl11: openssl: c_rehash script allows command
injection [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2095814
[Bug 2095814] CVE-2022-1292 openssl3: openssl: c_rehash script allows command
injection [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2095815
[Bug 2095815] CVE-2022-1292 mingw-openssl: openssl: c_rehash script allows
command injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2095816
[Bug 2095816] CVE-2022-1292 edk2: openssl: c_rehash script allows command
injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2095817
[Bug 2095817] CVE-2022-1292 openssl1.1: openssl: c_rehash script allows command
injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2095818
[Bug 2095818] CVE-2022-1292 shim: openssl: c_rehash script allows command
injection [fedora-all]
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
11:06 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
--- Comment #9 from Mauro Matteo Cascella <mcascell(a)redhat.com> ---
Created edk2 tracking bugs for this issue:
Affects: fedora-all [bug 2095816]
Created mingw-openssl tracking bugs for this issue:
Affects: fedora-all [bug 2095815]
Created openssl tracking bugs for this issue:
Affects: fedora-all [bug 2095812]
Created openssl1.1 tracking bugs for this issue:
Affects: fedora-all [bug 2095817]
Created openssl11 tracking bugs for this issue:
Affects: epel-7 [bug 2095813]
Created openssl3 tracking bugs for this issue:
Affects: epel-8 [bug 2095814]
Created shim tracking bugs for this issue:
Affects: fedora-all [bug 2095818]
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
11:34 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
--- Doc Text *updated* by Mauro Matteo Cascella <mcascell(a)redhat.com> ---
A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell
meta-characters to prevent command injection. This script is distributed by some operating
systems in a manner where it is automatically executed. On such operating systems, an
attacker could execute arbitrary commands with the privileges of the script.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
12:07 p.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Bug 2081494 depends on bug 2095818, which changed state.
Bug 2095818 Summary: CVE-2022-1292 shim: openssl: c_rehash script allows command injection
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2095818
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |NOTABUG
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
3:36 p.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Bug 2081494 depends on bug 2095813, which changed state.
Bug 2095813 Summary: CVE-2022-1292 openssl11: openssl: c_rehash script allows command
injection [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2095813
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |CANTFIX
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
4:41 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Bug 2081494 depends on bug 2095812, which changed state.
Bug 2095812 Summary: CVE-2022-1292 openssl: c_rehash script allows command injection
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2095812
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |CURRENTRELEASE
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
7:56 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
--- Doc Text *updated* by RaTasha Tillery-Smith <rtillery(a)redhat.com> ---
A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell
meta-characters to prevent command injection. Some operating systems distribute this
script in a manner where it is automatically executed. This flaw allows an attacker to
execute arbitrary commands with the privileges of the script on these operating systems.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
8 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Bug 2081494 depends on bug 2095817, which changed state.
Bug 2095817 Summary: CVE-2022-1292 openssl1.1: openssl: c_rehash script allows command
injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2095817
What |Removed |Added
----------------------------------------------------------------------------
Status|MODIFIED |CLOSED
Resolution|--- |ERRATA
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
8:04 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Bug 2081494 depends on bug 2095817, which changed state.
Bug 2095817 Summary: CVE-2022-1292 openssl1.1: openssl: c_rehash script allows command
injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2095817
What |Removed |Added
----------------------------------------------------------------------------
Status|CLOSED |MODIFIED
Resolution|ERRATA |---
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
10:41 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Yadnyawalk Tale <ytale(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |2111157
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
8 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
--- Comment #11 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:5818 https://access.redhat.com/errata/RHSA-2022:5818
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
8 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2022:5818
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
11:02 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
--- Comment #12 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2022:6224 https://access.redhat.com/errata/RHSA-2022:6224
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
11:02 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2022:6224
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
4:33 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
--- Comment #13 from Product Security DevOps Team <prodsec-dev(a)redhat.com> ---
This bug is now closed. Further updates for individual products will be
reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-1292
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
4:33 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Product Security DevOps Team <prodsec-dev(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |ERRATA
Status|NEW |CLOSED
Last Closed| |2022-09-03 09:33:23
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
8:39 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Bug 2081494 depends on bug 2095814, which changed state.
Bug 2095814 Summary: CVE-2022-1292 openssl3: openssl: c_rehash script allows command
injection [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2095814
What |Removed |Added
----------------------------------------------------------------------------
Status|ON_QA |CLOSED
Resolution|--- |ERRATA
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
7:06 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
--- Comment #14 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
JBoss Core Services on RHEL 7
JBoss Core Services for RHEL 8
Via RHSA-2022:8840 https://access.redhat.com/errata/RHSA-2022:8840
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
7:06 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2022:8840
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
7:21 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
--- Comment #15 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat JBoss Core Services
Via RHSA-2022:8841 https://access.redhat.com/errata/RHSA-2022:8841
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
7:21 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2022:8841
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
6:25 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
--- Comment #16 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat JBoss Web Server 5.7 on RHEL 7
Red Hat JBoss Web Server 5.7 on RHEL 8
Red Hat JBoss Web Server 5.7 on RHEL 9
Via RHSA-2022:8917 https://access.redhat.com/errata/RHSA-2022:8917
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
6:25 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2022:8917
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
6:39 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
--- Comment #17 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
JWS 5.7.1 release
Via RHSA-2022:8913 https://access.redhat.com/errata/RHSA-2022:8913
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
6:39 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2022:8913
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
1:19 p.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Bug 2081494 depends on bug 2095816, which changed state.
Bug 2095816 Summary: CVE-2022-1292 edk2: openssl: c_rehash script allows command injection
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2095816
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |EOL
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
1:50 p.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Bug 2081494 depends on bug 2095815, which changed state.
Bug 2095815 Summary: CVE-2022-1292 mingw-openssl: openssl: c_rehash script allows command
injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2095815
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |EOL
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
2:34 p.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Bug 2081494 depends on bug 2095817, which changed state.
Bug 2095817 Summary: CVE-2022-1292 openssl1.1: openssl: c_rehash script allows command
injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2095817
What |Removed |Added
----------------------------------------------------------------------------
Status|MODIFIED |CLOSED
Resolution|--- |EOL
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
11:03 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Eric Helms <ehelms(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |2230555
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
4:43 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Ganesh <gnaik(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gnaik(a)redhat.com
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
3:57 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Amey <abetkike(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |abetkike(a)redhat.com
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
11:46 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Eric Helms <ehelms(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |2242350
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
12:16 p.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Eric Helms <ehelms(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |2242354
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
12:18 p.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Eric Helms <ehelms(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |2242355
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
8:13 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
--- Comment #24 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Satellite 6.13 for RHEL 8
Via RHSA-2023:5931 https://access.redhat.com/errata/RHSA-2023:5931
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Report this comment as SPAM:
https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=rep...
8:13 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2023:5931
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
1:43 p.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
--- Comment #25 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Satellite 6.12 for RHEL 8
Via RHSA-2023:5979 https://access.redhat.com/errata/RHSA-2023:5979
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Report this comment as SPAM:
https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=rep...
1:43 p.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2023:5979
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
1:43 p.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
--- Comment #26 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Satellite 6.11 for RHEL 7
Red Hat Satellite 6.11 for RHEL 8
Via RHSA-2023:5980 https://access.redhat.com/errata/RHSA-2023:5980
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Report this comment as SPAM:
https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=rep...
1:44 p.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2023:5980
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
5:25 p.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
--- Comment #27 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Satellite Client 6 for RHEL 6
Satellite Client 6 for RHEL 7
Satellite Client 6 for RHEL 8
Satellite Client 6 for RHEL 9
Via RHSA-2023:5982 https://access.redhat.com/errata/RHSA-2023:5982
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Report this comment as SPAM:
https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=rep...
5:25 p.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2023:5982
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
8:16 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
--- Comment #28 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Satellite 6.14 for RHEL 8
Via RHSA-2023:6818 https://access.redhat.com/errata/RHSA-2023:6818
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Report this comment as SPAM:
https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=rep...
8:17 a.m.
New subject: [Bug 2081494] CVE-2022-1292 openssl: c_rehash script allows command injection
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2023:6818
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2081494
175
days inactive
729
days old
epel-packagers-sig@lists.fedoraproject.org
53 comments
1 participants
participants (1)
-
bugzilla@redhat.com