UBUNTU-CVE-2022-1292

Source
https://ubuntu.com/security/notices/UBUNTU-CVE-2022-1292
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-1292.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-1292
Published
2022-05-03T00:00:00Z
Modified
2022-05-03T00:00:00Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0, 3.0.1, 3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

Affected packages

Ubuntu:Pro:14.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@1.0.1f-1ubuntu2.27+esm10?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.1f-1ubuntu2.27+esm10

Affected versions

1.*

1.0.1e-3ubuntu1
1.0.1e-4ubuntu1
1.0.1e-4ubuntu2
1.0.1e-4ubuntu3
1.0.1e-4ubuntu4
1.0.1f-1ubuntu1
1.0.1f-1ubuntu2
1.0.1f-1ubuntu2.1
1.0.1f-1ubuntu2.2
1.0.1f-1ubuntu2.3
1.0.1f-1ubuntu2.4
1.0.1f-1ubuntu2.5
1.0.1f-1ubuntu2.7
1.0.1f-1ubuntu2.8
1.0.1f-1ubuntu2.11
1.0.1f-1ubuntu2.12
1.0.1f-1ubuntu2.15
1.0.1f-1ubuntu2.16
1.0.1f-1ubuntu2.17
1.0.1f-1ubuntu2.18
1.0.1f-1ubuntu2.19
1.0.1f-1ubuntu2.20
1.0.1f-1ubuntu2.21
1.0.1f-1ubuntu2.22
1.0.1f-1ubuntu2.23
1.0.1f-1ubuntu2.24
1.0.1f-1ubuntu2.25
1.0.1f-1ubuntu2.26
1.0.1f-1ubuntu2.27
1.0.1f-1ubuntu2.27+esm1
1.0.1f-1ubuntu2.27+esm2
1.0.1f-1ubuntu2.27+esm3
1.0.1f-1ubuntu2.27+esm4
1.0.1f-1ubuntu2.27+esm5
1.0.1f-1ubuntu2.27+esm6
1.0.1f-1ubuntu2.27+esm7
1.0.1f-1ubuntu2.27+esm9

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libssl1.0.0-udeb-dbgsym": "1.0.1f-1ubuntu2.27+esm10",
            "libssl-dev": "1.0.1f-1ubuntu2.27+esm10",
            "libssl1.0.0": "1.0.1f-1ubuntu2.27+esm10",
            "libssl-doc": "1.0.1f-1ubuntu2.27+esm10",
            "libcrypto1.0.0-udeb-dbgsym": "1.0.1f-1ubuntu2.27+esm10",
            "libssl1.0.0-dbg": "1.0.1f-1ubuntu2.27+esm10",
            "libssl-dev-dbgsym": "1.0.1f-1ubuntu2.27+esm10",
            "openssl": "1.0.1f-1ubuntu2.27+esm10",
            "openssl-dbgsym": "1.0.1f-1ubuntu2.27+esm10",
            "libssl1.0.0-udeb": "1.0.1f-1ubuntu2.27+esm10",
            "libssl1.0.0-dbgsym": "1.0.1f-1ubuntu2.27+esm10",
            "libcrypto1.0.0-udeb": "1.0.1f-1ubuntu2.27+esm10"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@1.0.2g-1ubuntu4.20+esm3?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.2g-1ubuntu4.20+esm3

Affected versions

1.*

1.0.2d-0ubuntu1
1.0.2d-0ubuntu2
1.0.2e-1ubuntu1
1.0.2f-2ubuntu1
1.0.2g-1ubuntu2
1.0.2g-1ubuntu3
1.0.2g-1ubuntu4
1.0.2g-1ubuntu4.1
1.0.2g-1ubuntu4.2
1.0.2g-1ubuntu4.4
1.0.2g-1ubuntu4.5
1.0.2g-1ubuntu4.6
1.0.2g-1ubuntu4.8
1.0.2g-1ubuntu4.9
1.0.2g-1ubuntu4.10
1.0.2g-1ubuntu4.11
1.0.2g-1ubuntu4.12
1.0.2g-1ubuntu4.13
1.0.2g-1ubuntu4.14
1.0.2g-1ubuntu4.15
1.0.2g-1ubuntu4.16
1.0.2g-1ubuntu4.17
1.0.2g-1ubuntu4.18
1.0.2g-1ubuntu4.19
1.0.2g-1ubuntu4.20
1.0.2g-1ubuntu4.20+esm1
1.0.2g-1ubuntu4.20+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libssl1.0.0-udeb-dbgsym": "1.0.2g-1ubuntu4.20+esm3",
            "libssl-dev": "1.0.2g-1ubuntu4.20+esm3",
            "libssl1.0.0": "1.0.2g-1ubuntu4.20+esm3",
            "libssl-doc": "1.0.2g-1ubuntu4.20+esm3",
            "libcrypto1.0.0-udeb-dbgsym": "1.0.2g-1ubuntu4.20+esm3",
            "libssl1.0.0-dbg": "1.0.2g-1ubuntu4.20+esm3",
            "libssl-dev-dbgsym": "1.0.2g-1ubuntu4.20+esm3",
            "openssl": "1.0.2g-1ubuntu4.20+esm3",
            "openssl-dbgsym": "1.0.2g-1ubuntu4.20+esm3",
            "libssl1.0.0-udeb": "1.0.2g-1ubuntu4.20+esm3",
            "libssl1.0.0-dbgsym": "1.0.2g-1ubuntu4.20+esm3",
            "libcrypto1.0.0-udeb": "1.0.2g-1ubuntu4.20+esm3"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / edk2

Package

Name
edk2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0~20150106.*

0~20150106.5c2d456b-2

0~20160104.*

0~20160104.c2a892d7-1

0~20160408.*

0~20160408.ffea0a2c-2
0~20160408.ffea0a2c-2ubuntu0.1
0~20160408.ffea0a2c-2ubuntu0.2
0~20160408.ffea0a2c-2ubuntu0.2+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@1.1.1-1ubuntu2.1~18.04.17?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.1.1-1ubuntu2.1~18.04.17

Affected versions

1.*

1.0.2g-1ubuntu13
1.0.2g-1ubuntu14
1.0.2n-1ubuntu1
1.1.0g-2ubuntu1
1.1.0g-2ubuntu2
1.1.0g-2ubuntu3
1.1.0g-2ubuntu4
1.1.0g-2ubuntu4.1
1.1.0g-2ubuntu4.3
1.1.1-1ubuntu2.1~18.04.1
1.1.1-1ubuntu2.1~18.04.2
1.1.1-1ubuntu2.1~18.04.3
1.1.1-1ubuntu2.1~18.04.4
1.1.1-1ubuntu2.1~18.04.5
1.1.1-1ubuntu2.1~18.04.6
1.1.1-1ubuntu2.1~18.04.7
1.1.1-1ubuntu2.1~18.04.8
1.1.1-1ubuntu2.1~18.04.9
1.1.1-1ubuntu2.1~18.04.10
1.1.1-1ubuntu2.1~18.04.13
1.1.1-1ubuntu2.1~18.04.14
1.1.1-1ubuntu2.1~18.04.15

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libssl-doc": "1.1.1-1ubuntu2.1~18.04.17",
            "libssl-dev": "1.1.1-1ubuntu2.1~18.04.17",
            "libssl1.1-dbgsym": "1.1.1-1ubuntu2.1~18.04.17",
            "libssl1.1-udeb": "1.1.1-1ubuntu2.1~18.04.17",
            "libssl1.1": "1.1.1-1ubuntu2.1~18.04.17",
            "openssl-dbgsym": "1.1.1-1ubuntu2.1~18.04.17",
            "libcrypto1.1-udeb": "1.1.1-1ubuntu2.1~18.04.17",
            "openssl": "1.1.1-1ubuntu2.1~18.04.17"
        }
    ]
}

Ubuntu:18.04:LTS / openssl1.0

Package

Name
openssl1.0
Purl
pkg:deb/ubuntu/openssl1.0@1.0.2n-1ubuntu5.9?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.2n-1ubuntu5.9

Affected versions

1.*

1.0.2n-1ubuntu2
1.0.2n-1ubuntu3
1.0.2n-1ubuntu4
1.0.2n-1ubuntu5
1.0.2n-1ubuntu5.1
1.0.2n-1ubuntu5.2
1.0.2n-1ubuntu5.3
1.0.2n-1ubuntu5.4
1.0.2n-1ubuntu5.5
1.0.2n-1ubuntu5.6
1.0.2n-1ubuntu5.7
1.0.2n-1ubuntu5.8

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libssl1.0.0-dbgsym": "1.0.2n-1ubuntu5.9",
            "libssl1.0-dev": "1.0.2n-1ubuntu5.9",
            "openssl1.0": "1.0.2n-1ubuntu5.9",
            "openssl1.0-dbgsym": "1.0.2n-1ubuntu5.9",
            "libssl1.0.0-udeb": "1.0.2n-1ubuntu5.9",
            "libssl1.0.0": "1.0.2n-1ubuntu5.9",
            "libcrypto1.0.0-udeb": "1.0.2n-1ubuntu5.9"
        }
    ]
}

Ubuntu:20.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.13?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.1.1f-1ubuntu2.13

Affected versions

1.*

1.1.1c-1ubuntu4
1.1.1d-2ubuntu3
1.1.1d-2ubuntu6
1.1.1f-1ubuntu1
1.1.1f-1ubuntu2
1.1.1f-1ubuntu2.1
1.1.1f-1ubuntu2.2
1.1.1f-1ubuntu2.3
1.1.1f-1ubuntu2.4
1.1.1f-1ubuntu2.5
1.1.1f-1ubuntu2.8
1.1.1f-1ubuntu2.9
1.1.1f-1ubuntu2.10
1.1.1f-1ubuntu2.11
1.1.1f-1ubuntu2.12

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libssl-doc": "1.1.1f-1ubuntu2.13",
            "libssl-dev": "1.1.1f-1ubuntu2.13",
            "libssl1.1-dbgsym": "1.1.1f-1ubuntu2.13",
            "libssl1.1-udeb": "1.1.1f-1ubuntu2.13",
            "libssl1.1": "1.1.1f-1ubuntu2.13",
            "openssl-dbgsym": "1.1.1f-1ubuntu2.13",
            "libcrypto1.1-udeb": "1.1.1f-1ubuntu2.13",
            "openssl": "1.1.1f-1ubuntu2.13"
        }
    ]
}

Ubuntu:22.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs@12.22.9~dfsg-1ubuntu3.1?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
12.22.9~dfsg-1ubuntu3.1

Affected versions

12.*

12.22.5~dfsg-5ubuntu1
12.22.7~dfsg-2ubuntu1
12.22.7~dfsg-2ubuntu3
12.22.9~dfsg-1ubuntu2
12.22.9~dfsg-1ubuntu3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "nodejs-doc": "12.22.9~dfsg-1ubuntu3.1",
            "libnode72": "12.22.9~dfsg-1ubuntu3.1",
            "nodejs": "12.22.9~dfsg-1ubuntu3.1",
            "libnode-dev": "12.22.9~dfsg-1ubuntu3.1",
            "libnode72-dbgsym": "12.22.9~dfsg-1ubuntu3.1",
            "nodejs-dbgsym": "12.22.9~dfsg-1ubuntu3.1"
        }
    ]
}

Ubuntu:22.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.1?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.2-0ubuntu1.1

Affected versions

1.*

1.1.1l-1ubuntu1

3.*

3.0.0-1ubuntu1
3.0.1-0ubuntu1
3.0.2-0ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libssl3": "3.0.2-0ubuntu1.1",
            "libssl-dev": "3.0.2-0ubuntu1.1",
            "openssl-dbgsym": "3.0.2-0ubuntu1.1",
            "openssl": "3.0.2-0ubuntu1.1",
            "libssl-doc": "3.0.2-0ubuntu1.1",
            "libssl3-dbgsym": "3.0.2-0ubuntu1.1"
        }
    ]
}