SUSE-SU-2022:2306-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2306-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2022:2306-1
- Related
- Published
- 2022-07-06T11:49:35Z
- Modified
- 2022-07-06T11:49:35Z
- Summary
- Security update for openssl-3
- Details
-
This update for openssl-3 fixes the following issues:
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-1292: Properly sanitise shell metacharacters in c_rehash script. (bsc#1199166)
- CVE-2022-1343: Fixed incorrect signature verification in OCSPbasicverify (bsc#1199167).
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
- CVE-2022-1434: Fixed incorrect MAC key used in the RC4-MD5 ciphersuite (bsc#1199168).
- CVE-2022-1473: Fixed resource leakage when decoding certificates and keys (bsc#1199169).
- References
-
- https://www.suse.com/support/update/announcement/2022/suse-su-20222306-1/
- https://bugzilla.suse.com/1185637
- https://bugzilla.suse.com/1199166
- https://bugzilla.suse.com/1199167
- https://bugzilla.suse.com/1199168
- https://bugzilla.suse.com/1199169
- https://bugzilla.suse.com/1200550
- https://bugzilla.suse.com/1201099
- https://www.suse.com/security/cve/CVE-2022-1292
- https://www.suse.com/security/cve/CVE-2022-1343
- https://www.suse.com/security/cve/CVE-2022-1434
- https://www.suse.com/security/cve/CVE-2022-1473
- https://www.suse.com/security/cve/CVE-2022-2068
- https://www.suse.com/security/cve/CVE-2022-2097
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 SP4 / openssl-3
Package
- Name
- openssl-3
- Purl
- purl:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4