From 40bf9bf864ed33599654671687a082f83ccca943 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Thu, 23 Jun 2022 05:30:51 +0000 Subject: Thu Jun 23 05:30:51 UTC 2022 patches/packages/ca-certificates-20220622-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections. patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txz: Upgraded. In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. For more information, see: https://www.openssl.org/news/secadv/20220621.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068 (* Security fix *) patches/packages/openssl-solibs-1.1.1p-x86_64-1_slack15.0.txz: Upgraded. --- ChangeLog.txt | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'ChangeLog.txt') diff --git a/ChangeLog.txt b/ChangeLog.txt index 2deeff5b4..5ed285833 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt 
@@ -1,3 +1,21 @@ +Thu Jun 23 05:30:51 UTC 2022 +patches/packages/ca-certificates-20220622-noarch-1_slack15.0.txz: Upgraded. + This update provides the latest CA certificates to check for the + authenticity of SSL connections. +patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txz: Upgraded. + In addition to the c_rehash shell command injection identified in + CVE-2022-1292, further circumstances where the c_rehash script does not + properly sanitise shell metacharacters to prevent command injection were + found by code review. + When the CVE-2022-1292 was fixed it was not discovered that there + are other places in the script where the file names of certificates + being hashed were possibly passed to a command executed through the shell. + For more information, see: + https://www.openssl.org/news/secadv/20220621.txt + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068 + (* Security fix *) +patches/packages/openssl-solibs-1.1.1p-x86_64-1_slack15.0.txz: Upgraded. ++--------------------------+ Mon Jun 13 21:02:58 UTC 2022 patches/packages/php-7.4.30-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: -- cgit v1.2.3-65-gdbad
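Review bot: In the openssl-1.1.1p entry, the description text names only CVE-2022-1292, the earlier issue, while the identifier for the issue fixed here, CVE-2022-2068, appears only inside the cve.mitre.org URL at the bottom. A reader scanning the ChangeLog text for the CVE this package addresses will hit the older one first. Suggest naming CVE-2022-2068 in the prose, for example in the sentence ending "found by code review". The openssl-solibs-1.1.1p line at the end of the entry has no description and no "(* Security fix *)" marker; if it is upgraded only to stay in step with the openssl package, a one-line note saying so would tell administrators whether it belongs in the security update set. Minor wording: "When the CVE-2022-1292 was fixed" reads better without "the".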