CLSA-2022-1657814965

Import Source

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2022-1657814965

Upstream

Published

2022-07-14T16:09:25Z

Modified

2026-06-04T10:04:14.704913629Z

Summary

Fix CVE(s): CVE-2022-1473, CVE-2022-1292, CVE-2022-2068

Details

SECURITY REGRESSION: Invalid fix for CVE-2022-1473
- debian/patches/CVE-2022-1473.patch: removing unnecessary patch since this version is actually not affected
SECURITY UPDATE: crehash script allows command injection
- debian/patches/CVE-2022-1292.patch: switch to upstream patch, and apply it before crehash-compat.patch
- debian/patches/CVE-2022-2068.patch: fix file operations in tools/crehash.in
- debian/patches/crehash-compat.patch: updated patch to apply after the security updates
- CVE-2022-2068

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2g-1ubuntu4.21+tuxcare.els4

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1657814965.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2g-1ubuntu4.21+tuxcare.els4

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1657814965.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2g-1ubuntu4.21+tuxcare.els4

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1657814965.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2g-1ubuntu4.21+tuxcare.els4

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1657814965.json"