In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "libssl1.0.0-udeb-dbgsym": "1.0.1f-1ubuntu2.27+esm10", "libssl-dev": "1.0.1f-1ubuntu2.27+esm10", "libssl1.0.0": "1.0.1f-1ubuntu2.27+esm10", "libssl-doc": "1.0.1f-1ubuntu2.27+esm10", "libcrypto1.0.0-udeb-dbgsym": "1.0.1f-1ubuntu2.27+esm10", "libssl1.0.0-dbg": "1.0.1f-1ubuntu2.27+esm10", "libssl-dev-dbgsym": "1.0.1f-1ubuntu2.27+esm10", "openssl": "1.0.1f-1ubuntu2.27+esm10", "openssl-dbgsym": "1.0.1f-1ubuntu2.27+esm10", "libssl1.0.0-udeb": "1.0.1f-1ubuntu2.27+esm10", "libssl1.0.0-dbgsym": "1.0.1f-1ubuntu2.27+esm10", "libcrypto1.0.0-udeb": "1.0.1f-1ubuntu2.27+esm10" } ] }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "libssl1.0.0-udeb-dbgsym": "1.0.2g-1ubuntu4.20+esm5", "libssl-dev": "1.0.2g-1ubuntu4.20+esm5", "libssl1.0.0": "1.0.2g-1ubuntu4.20+esm5", "libssl-doc": "1.0.2g-1ubuntu4.20+esm5", "libcrypto1.0.0-udeb-dbgsym": "1.0.2g-1ubuntu4.20+esm5", "libssl1.0.0-dbg": "1.0.2g-1ubuntu4.20+esm5", "libssl-dev-dbgsym": "1.0.2g-1ubuntu4.20+esm5", "openssl": "1.0.2g-1ubuntu4.20+esm5", "openssl-dbgsym": "1.0.2g-1ubuntu4.20+esm5", "libssl1.0.0-udeb": "1.0.2g-1ubuntu4.20+esm5", "libssl1.0.0-dbgsym": "1.0.2g-1ubuntu4.20+esm5", "libcrypto1.0.0-udeb": "1.0.2g-1ubuntu4.20+esm5" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libssl-doc": "1.1.1-1ubuntu2.1~18.04.19", "libssl-dev": "1.1.1-1ubuntu2.1~18.04.19", "libssl1.1-dbgsym": "1.1.1-1ubuntu2.1~18.04.19", "libssl1.1-udeb": "1.1.1-1ubuntu2.1~18.04.19", "libssl1.1": "1.1.1-1ubuntu2.1~18.04.19", "openssl-dbgsym": "1.1.1-1ubuntu2.1~18.04.19", "libcrypto1.1-udeb": "1.1.1-1ubuntu2.1~18.04.19", "openssl": "1.1.1-1ubuntu2.1~18.04.19" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libssl1.0.0-dbgsym": "1.0.2n-1ubuntu5.10", "libssl1.0-dev": "1.0.2n-1ubuntu5.10", "openssl1.0": "1.0.2n-1ubuntu5.10", "openssl1.0-dbgsym": "1.0.2n-1ubuntu5.10", "libssl1.0.0-udeb": "1.0.2n-1ubuntu5.10", "libssl1.0.0": "1.0.2n-1ubuntu5.10", "libcrypto1.0.0-udeb": "1.0.2n-1ubuntu5.10" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libssl-doc": "1.1.1f-1ubuntu2.15", "libssl-dev": "1.1.1f-1ubuntu2.15", "libssl1.1-dbgsym": "1.1.1f-1ubuntu2.15", "libssl1.1-udeb": "1.1.1f-1ubuntu2.15", "libssl1.1": "1.1.1f-1ubuntu2.15", "openssl-dbgsym": "1.1.1f-1ubuntu2.15", "libcrypto1.1-udeb": "1.1.1f-1ubuntu2.15", "openssl": "1.1.1f-1ubuntu2.15" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "nodejs-doc": "12.22.9~dfsg-1ubuntu3.1", "libnode72": "12.22.9~dfsg-1ubuntu3.1", "nodejs": "12.22.9~dfsg-1ubuntu3.1", "libnode-dev": "12.22.9~dfsg-1ubuntu3.1", "libnode72-dbgsym": "12.22.9~dfsg-1ubuntu3.1", "nodejs-dbgsym": "12.22.9~dfsg-1ubuntu3.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libssl3": "3.0.2-0ubuntu1.5", "libssl-dev": "3.0.2-0ubuntu1.5", "openssl-dbgsym": "3.0.2-0ubuntu1.5", "openssl": "3.0.2-0ubuntu1.5", "libssl-doc": "3.0.2-0ubuntu1.5", "libssl3-dbgsym": "3.0.2-0ubuntu1.5" } ] }