https://bugzilla.redhat.com/show_bug.cgi?id=2081494
Bug ID: 2081494
Summary: CVE-2022-1292 openssl: c_rehash script allows command injection
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: pdelbell@redhat.com
CC: aos-bugs@redhat.com, asoldano@redhat.com, bbaranow@redhat.com, bdettelb@redhat.com, berrange@redhat.com, bmaxwell@redhat.com, bootloader-eng-team@redhat.com, brian.stansberry@redhat.com, caswilli@redhat.com, cdewolf@redhat.com, cfergeau@redhat.com, chazlett@redhat.com, crobinso@redhat.com, crypto-team@lists.fedoraproject.org, csutherl@redhat.com, darran.lofthouse@redhat.com, dbelyavs@redhat.com, ddepaula@redhat.com, dhalasz@redhat.com, dkreling@redhat.com, dkuc@redhat.com, dosoudil@redhat.com, dueno@redhat.com, elima@redhat.com, epel-packagers-sig@lists.fedoraproject.org, erik-fedora@vanpienbroek.nl, f4bug@amsat.org, fjansen@redhat.com, fjuma@redhat.com, fmartine@redhat.com, gparvin@redhat.com, gzaronik@redhat.com, iweiss@redhat.com, jburrell@redhat.com, jclere@redhat.com, jferlan@redhat.com, jkoehler@redhat.com, jochrist@redhat.com, jramanat@redhat.com, jwong@redhat.com, jwon@redhat.com, kaycoth@redhat.com, krathod@redhat.com, kraxel@redhat.com, ktietz@redhat.com, lgao@redhat.com, marcandre.lureau@redhat.com, michal.skrivanek@redhat.com, michel@michel-slm.name, micjohns@redhat.com, mjg59@srcf.ucam.org, mosmerov@redhat.com, mperina@redhat.com, msochure@redhat.com, mspacek@redhat.com, msvehla@redhat.com, mturk@redhat.com, njean@redhat.com, nwallace@redhat.com, pahickey@redhat.com, pbonzini@redhat.com, pjindal@redhat.com, pjones@redhat.com, pmackay@redhat.com, redhat-bugzilla@linuxnetz.de, rfreiman@redhat.com, rharwood@redhat.com, rh-spice-bugs@redhat.com, rjones@redhat.com, rstancel@redhat.com, rsvoboda@redhat.com, sahana@redhat.com, sbonazzo@redhat.com, smaestri@redhat.com, stcannon@redhat.com, sthirugn@redhat.com, szappis@redhat.com, tmeszaro@redhat.com, tm@t8m.info, tom.jenkinson@redhat.com, virt-maint@lists.fedoraproject.org, virt-maint@redhat.com, vkrizan@redhat.com, vkumar@redhat.com, vmugicag@redhat.com
Target Milestone: ---
Classification: Other
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.
This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.
OpenSSL 1.0.2 users should upgrade to 1.0.2ze
OpenSSL 1.1.1 users should upgrade to 1.1.1o
OpenSSL 3.0 users should upgrade to 3.0.3
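The bug class behind this CVE is a file name interpolated into a shell command line, and the fix class is passing the name as a single argv element so no shell ever parses it. The following Python is an added illustration written for this page; it is not OpenSSL's c_rehash (which is a Perl script) and not code from the upstream fix. It assumes `printf` as a stand-in for `openssl x509` so the demo runs without OpenSSL installed, uses a constructed file name `HOSTILE_NAME` carrying shell metacharacters, and the helper names `hash_via_shell_string`, `hash_via_argv`, `hash_via_quoted_shell`, `subject_hash` and `rehash_dir` are this example's own. `rehash_dir` wraps the `openssl rehash` subcommand the advisory recommends; that subcommand exists in OpenSSL 1.1.0 and later, so it is not an option on a 1.0.2 install.

```python
"""
Shell injection via file name (the c_rehash bug class) beside the argv fix.

Added example, not OpenSSL code.  `printf` stands in for `openssl x509`
so the three hashing variants run offline; HOSTILE_NAME is a constructed
test value, not a file that exists anywhere.
"""
import shlex
import shutil
import subprocess
from pathlib import Path

# Constructed "certificate file name".  The embedded double quote closes
# the quoting in a naively built command line; what follows is parsed as
# further shell commands.
HOSTILE_NAME = 'a"; echo INJECTED; echo "b.pem'


def hash_via_shell_string(fname: str) -> str:
    """Vulnerable pattern: untrusted name interpolated into a shell string.

    The surrounding double quotes look like protection but are defeated by
    a name that itself contains a double quote.  /bin/sh runs everything.
    """
    cmd = f"printf '%s\\n' \"{fname}\""
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=False)
    return proc.stdout


def hash_via_argv(fname: str) -> str:
    """Hardened pattern: argv list, no shell involved.

    execve hands `fname` to the child as exactly one argument, so quotes,
    semicolons and backticks inside it are plain bytes, never syntax.
    """
    proc = subprocess.run(["printf", "%s\n", fname], capture_output=True, text=True, check=True)
    return proc.stdout


def hash_via_quoted_shell(fname: str) -> str:
    """If a shell string cannot be avoided, quote every untrusted argument.

    shlex.quote() wraps the name in single quotes (escaping any single
    quotes inside it), which the shell treats as one literal word.
    """
    cmd = f"printf '%s\\n' {shlex.quote(fname)}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True)
    return proc.stdout


def subject_hash(cert_path: Path, openssl: str = "openssl") -> str:
    """The real hardened call: `openssl x509 -subject_hash -noout -in FILE`,
    FILE passed as one argv element.  Needs the openssl binary on PATH."""
    proc = subprocess.run(
        [openssl, "x509", "-subject_hash", "-noout", "-in", str(cert_path)],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.strip()


def rehash_dir(cert_dir: Path, openssl: str = "openssl") -> None:
    """What the advisory recommends instead of c_rehash: `openssl rehash DIR`
    (OpenSSL >= 1.1.0).  The directory is one argv element, so its name is
    never shell-parsed either."""
    subprocess.run([openssl, "rehash", str(cert_dir)], check=True)


if __name__ == "__main__":
    # The shell-string variant prints three lines, the middle one produced
    # by the injected `echo`; the other two print the name literally.
    print("shell string :", repr(hash_via_shell_string(HOSTILE_NAME)))
    print("argv list    :", repr(hash_via_argv(HOSTILE_NAME)))
    print("quoted shell :", repr(hash_via_quoted_shell(HOSTILE_NAME)))
    if shutil.which("openssl"):
        print("openssl found; rehash_dir(Path('/etc/pki/tls/certs')) would rehash that directory")
```

Run it and compare the three outputs: only the shell-string variant executes the `echo INJECTED` smuggled in through the file name. When auditing a distribution's copy of c_rehash, the thing to look for is the same shape in Perl: a backtick or `system("...")` call whose string contains the file name, versus the list form of `open`/`system` that passes each argument separately.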
Patrick Del Bello pdelbell@redhat.com changed:
What       | Removed | Added
Blocks     |         | 2081495
Borja Tarraso btarraso@redhat.com changed:
What       | Removed | Added
Depends On |         | 2081827
Mauro Matteo Cascella mcascell@redhat.com changed:
What       | Removed | Added
Depends On |         | 2090361, 2090362
Mauro Matteo Cascella mcascell@redhat.com changed:
What       | Removed | Added
Depends On |         | 2090372, 2090371
--- Comment #5 from Mauro Matteo Cascella mcascell@redhat.com --- Upstream fix: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7c33270707b568c524a...
amctagga@redhat.com changed:
What       | Removed | Added
Depends On |         | 2090388, 2090386
Mauro Matteo Cascella mcascell@redhat.com changed:
What       | Removed | Added
Comment    | 5       | updated
--- Comment #5 has been edited ---
OpenSSL Security Advisory: https://www.openssl.org/news/secadv/20220503.txt
Upstream fix: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7c33270707b568c524a...
TEJ RATHI trathi@redhat.com changed:
What       | Removed | Added
Depends On |         | 2090566
Mauro Matteo Cascella mcascell@redhat.com changed:
What       | Removed | Added
Depends On |         | 2095800, 2095801, 2095798, 2095799, 2095802
Mauro Matteo Cascella mcascell@redhat.com changed:
What       | Removed | Added
Depends On |         | 2095812, 2095818, 2095816, 2095814, 2095817, 2095815, 2095813
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2095812 [Bug 2095812] CVE-2022-1292 openssl: c_rehash script allows command injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2095813 [Bug 2095813] CVE-2022-1292 openssl11: openssl: c_rehash script allows command injection [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2095814 [Bug 2095814] CVE-2022-1292 openssl3: openssl: c_rehash script allows command injection [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2095815 [Bug 2095815] CVE-2022-1292 mingw-openssl: openssl: c_rehash script allows command injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2095816 [Bug 2095816] CVE-2022-1292 edk2: openssl: c_rehash script allows command injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2095817 [Bug 2095817] CVE-2022-1292 openssl1.1: openssl: c_rehash script allows command injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2095818 [Bug 2095818] CVE-2022-1292 shim: openssl: c_rehash script allows command injection [fedora-all]
--- Comment #9 from Mauro Matteo Cascella mcascell@redhat.com --- Created edk2 tracking bugs for this issue:
Affects: fedora-all [bug 2095816]
Created mingw-openssl tracking bugs for this issue:
Affects: fedora-all [bug 2095815]
Created openssl tracking bugs for this issue:
Affects: fedora-all [bug 2095812]
Created openssl1.1 tracking bugs for this issue:
Affects: fedora-all [bug 2095817]
Created openssl11 tracking bugs for this issue:
Affects: epel-7 [bug 2095813]
Created openssl3 tracking bugs for this issue:
Affects: epel-8 [bug 2095814]
Created shim tracking bugs for this issue:
Affects: fedora-all [bug 2095818]
--- Doc Text *updated* by Mauro Matteo Cascella mcascell@redhat.com --- A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script.
Bug 2081494 depends on bug 2095818, which changed state.
Bug 2095818 Summary: CVE-2022-1292 shim: openssl: c_rehash script allows command injection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2095818
What       | Removed | Added
Status     | NEW     | CLOSED
Resolution | ---     | NOTABUG
Bug 2081494 depends on bug 2095813, which changed state.
Bug 2095813 Summary: CVE-2022-1292 openssl11: openssl: c_rehash script allows command injection [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=2095813
What       | Removed | Added
Status     | NEW     | CLOSED
Resolution | ---     | CANTFIX
Bug 2081494 depends on bug 2095812, which changed state.
Bug 2095812 Summary: CVE-2022-1292 openssl: c_rehash script allows command injection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2095812
What       | Removed | Added
Status     | NEW     | CLOSED
Resolution | ---     | CURRENTRELEASE
--- Doc Text *updated* by RaTasha Tillery-Smith rtillery@redhat.com --- A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.
Bug 2081494 depends on bug 2095817, which changed state.
Bug 2095817 Summary: CVE-2022-1292 openssl1.1: openssl: c_rehash script allows command injection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2095817
What       | Removed  | Added
Status     | MODIFIED | CLOSED
Resolution | ---      | ERRATA
Bug 2081494 depends on bug 2095817, which changed state.
Bug 2095817 Summary: CVE-2022-1292 openssl1.1: openssl: c_rehash script allows command injection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2095817
What       | Removed | Added
Status     | CLOSED  | MODIFIED
Resolution | ERRATA  | ---
Yadnyawalk Tale ytale@redhat.com changed:
What       | Removed | Added
Depends On |         | 2111157
--- Comment #11 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:5818 https://access.redhat.com/errata/RHSA-2022:5818
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What       | Removed | Added
Link ID    |         | Red Hat Product Errata RHSA-2022:5818
--- Comment #12 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2022:6224 https://access.redhat.com/errata/RHSA-2022:6224
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What       | Removed | Added
Link ID    |         | Red Hat Product Errata RHSA-2022:6224
--- Comment #13 from Product Security DevOps Team prodsec-dev@redhat.com --- This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-1292
Product Security DevOps Team prodsec-dev@redhat.com changed:
What        | Removed | Added
Resolution  | ---     | ERRATA
Status      | NEW     | CLOSED
Last Closed |         | 2022-09-03 09:33:23
Bug 2081494 depends on bug 2095814, which changed state.
Bug 2095814 Summary: CVE-2022-1292 openssl3: openssl: c_rehash script allows command injection [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2095814
What       | Removed | Added
Status     | ON_QA   | CLOSED
Resolution | ---     | ERRATA
--- Comment #14 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
JBoss Core Services on RHEL 7
JBoss Core Services for RHEL 8
Via RHSA-2022:8840 https://access.redhat.com/errata/RHSA-2022:8840
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What       | Removed | Added
Link ID    |         | Red Hat Product Errata RHSA-2022:8840
--- Comment #15 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat JBoss Core Services
Via RHSA-2022:8841 https://access.redhat.com/errata/RHSA-2022:8841
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What       | Removed | Added
Link ID    |         | Red Hat Product Errata RHSA-2022:8841
--- Comment #16 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat JBoss Web Server 5.7 on RHEL 7
Red Hat JBoss Web Server 5.7 on RHEL 8
Red Hat JBoss Web Server 5.7 on RHEL 9
Via RHSA-2022:8917 https://access.redhat.com/errata/RHSA-2022:8917
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What       | Removed | Added
Link ID    |         | Red Hat Product Errata RHSA-2022:8917
--- Comment #17 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
JWS 5.7.1 release
Via RHSA-2022:8913 https://access.redhat.com/errata/RHSA-2022:8913
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What       | Removed | Added
Link ID    |         | Red Hat Product Errata RHSA-2022:8913
Bug 2081494 depends on bug 2095816, which changed state.
Bug 2095816 Summary: CVE-2022-1292 edk2: openssl: c_rehash script allows command injection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2095816
What       | Removed | Added
Status     | NEW     | CLOSED
Resolution | ---     | EOL
Bug 2081494 depends on bug 2095815, which changed state.
Bug 2095815 Summary: CVE-2022-1292 mingw-openssl: openssl: c_rehash script allows command injection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2095815
What       | Removed | Added
Status     | NEW     | CLOSED
Resolution | ---     | EOL
Bug 2081494 depends on bug 2095817, which changed state.
Bug 2095817 Summary: CVE-2022-1292 openssl1.1: openssl: c_rehash script allows command injection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2095817
What       | Removed  | Added
Status     | MODIFIED | CLOSED
Resolution | ---      | EOL
Eric Helms ehelms@redhat.com changed:
What       | Removed | Added
Depends On |         | 2230555
Ganesh gnaik@redhat.com changed:
What       | Removed | Added
CC         |         | gnaik@redhat.com
Amey abetkike@redhat.com changed:
What       | Removed | Added
CC         |         | abetkike@redhat.com
Eric Helms ehelms@redhat.com changed:
What       | Removed | Added
Depends On |         | 2242350
Eric Helms ehelms@redhat.com changed:
What       | Removed | Added
Depends On |         | 2242354
Eric Helms ehelms@redhat.com changed:
What       | Removed | Added
Depends On |         | 2242355
--- Comment #24 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Satellite 6.13 for RHEL 8
Via RHSA-2023:5931 https://access.redhat.com/errata/RHSA-2023:5931
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What       | Removed | Added
Link ID    |         | Red Hat Product Errata RHSA-2023:5931
--- Comment #25 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Satellite 6.12 for RHEL 8
Via RHSA-2023:5979 https://access.redhat.com/errata/RHSA-2023:5979
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What       | Removed | Added
Link ID    |         | Red Hat Product Errata RHSA-2023:5979
--- Comment #26 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Satellite 6.11 for RHEL 7
Red Hat Satellite 6.11 for RHEL 8
Via RHSA-2023:5980 https://access.redhat.com/errata/RHSA-2023:5980
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What       | Removed | Added
Link ID    |         | Red Hat Product Errata RHSA-2023:5980
--- Comment #27 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Satellite Client 6 for RHEL 6
Satellite Client 6 for RHEL 7
Satellite Client 6 for RHEL 8
Satellite Client 6 for RHEL 9
Via RHSA-2023:5982 https://access.redhat.com/errata/RHSA-2023:5982
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What       | Removed | Added
Link ID    |         | Red Hat Product Errata RHSA-2023:5982
--- Comment #28 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Satellite 6.14 for RHEL 8
Via RHSA-2023:6818 https://access.redhat.com/errata/RHSA-2023:6818
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What       | Removed | Added
Link ID    |         | Red Hat Product Errata RHSA-2023:6818