Back to bug 2097310
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Marian Rehak | 2022-06-15 12:16:30 UTC | CC | security-response-team | |
| Marian Rehak | 2022-06-15 12:16:48 UTC | Blocks | 2097311 | |
| Mauro Matteo Cascella | 2022-06-16 15:30:47 UTC | Priority | high | medium |
| | | Severity | high | medium |
| Mauro Matteo Cascella | 2022-06-16 15:43:59 UTC | Doc Text | A flaw was found in OpenSSL. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the `c_rehash` script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. | |
| Mauro Matteo Cascella | 2022-06-16 16:01:46 UTC | Fixed In Version | openssl 1.1.1p, openssl 3.0.4 | openssl 1.0.2zf, openssl 1.1.1p, openssl 3.0.4 |
| RaTasha Tillery-Smith | 2022-06-16 19:43:00 UTC | Doc Text | A flaw was found in OpenSSL. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the `c_rehash` script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. | A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script. |
| Avinash Hanwate | 2022-06-17 08:47:35 UTC | Group | team ocp_embargoes | |
| | | Depends On | 2098089 | |
| Mauro Matteo Cascella | 2022-06-17 20:04:56 UTC | CC | vkumar | |
| Mauro Matteo Cascella | 2022-06-17 20:08:41 UTC | Depends On | 2098273 | |
| Mauro Matteo Cascella | 2022-06-17 20:13:19 UTC | Depends On | 2098277, 2098278, 2098279, 2098276 | |
| Mauro Matteo Cascella | 2022-06-17 20:14:11 UTC | Depends On | 2098281, 2098280 | |
| Sandipan Roy | 2022-06-20 15:01:43 UTC | CC | jwong, kaycoth, kshier | |
| Sandipan Roy | 2022-06-20 15:04:04 UTC | CC | asoldano, bbaranow, bmaxwell, brian.stansberry, caswilli, cdewolf, chazlett, darran.lofthouse, dkreling, dosoudil, fjansen, fjuma, gzaronik, iweiss, jochrist, lgao, mosmerov, msochure, msvehla, nwallace, pmackay, rfreiman, rstancel, rsvoboda, smaestri, tmeszaro, tom.jenkinson | |
| Sandipan Roy | 2022-06-20 15:06:01 UTC | CC | dhalasz, dkuc, micjohns, sthirugn, vkrizan, vmugicag | |
| Sandipan Roy | 2022-06-20 15:08:02 UTC | CC | bdettelb, dffrench, gparvin, jramanat, michal.skrivanek, mperina, ngough, njean, pahickey, rgodfrey, sbonazzo, stcannon | |
| Borja Tarraso | 2022-06-21 04:54:25 UTC | Depends On | 2099471 | |
| Patrick Del Bello | 2022-06-21 16:59:00 UTC | Flags | needinfo?(mrehak) | |
| Marian Rehak | 2022-06-22 06:07:03 UTC | Group | qe_staff, security, team ocp_embargoes | |
| | | CC | bootloader-eng-team, cfergeau, crobinso, crypto-team, dueno, elima, epel-packagers-sig, erik-fedora, f4bug, fmartine, ktietz, marcandre.lureau, michel, mjg59, mspacek, pjones, redhat-bugzilla, rharwood, rh-spice-bugs, rjones, sahana, tm, virt-maint, virt-maint | |
| | | Deadline | 2022-06-21 | |
| | | Summary | EMBARGOED CVE-2022-2068 openssl: the c_rehash script allows command injection | CVE-2022-2068 openssl: the c_rehash script allows command injection |
| Marian Rehak | 2022-06-22 06:07:53 UTC | Depends On | 2099971, 2099974, 2099973, 2099972, 2099975, 2099969, 2099970 | |
| Marian Rehak | 2022-06-22 06:08:13 UTC | Flags | needinfo?(mrehak) | |
| Mauro Matteo Cascella | 2022-06-22 10:34:37 UTC | Comment | 0 | updated |
| Dmitry Belyavskiy | 2022-06-22 11:06:49 UTC | CC | mcascell | |
| | | Flags | needinfo?(mcascell) | |
| Mauro Matteo Cascella | 2022-06-22 14:03:18 UTC | Depends On | 2100097, 2100098 | |
| | | Flags | needinfo?(mcascell) | |
| David Hernández Fernández | 2022-06-23 12:03:12 UTC | CC | dahernan | |
| kyoneyama | 2022-06-27 02:04:15 UTC | CC | kyoneyam | |
| Avinash Hanwate | 2022-07-07 03:55:15 UTC | Depends On | 2104732 | |
| Stefan Meyer | 2022-07-11 09:04:44 UTC | CC | smeyer | |
| Yadnyawalk Tale | 2022-07-26 15:41:02 UTC | CC | hasuzuki | |
| | | Depends On | 2111157 | |
| Yadnyawalk Tale | 2022-07-26 15:49:09 UTC | CC | bbuckingham, bcourt, btotty, ehelms, jsherril, lzap, mhulan, mmccune, myarboro, nmoumoul, orabin, pcreech, rchan | |
| errata-xmlrpc | 2022-08-03 13:00:42 UTC | Link ID | Red Hat Product Errata RHSA-2022:5818 | |
| Przemyslaw Roguski | 2022-08-03 16:37:04 UTC | Depends On | 2098089 | |
| Przemyslaw Roguski | 2022-08-03 16:38:10 UTC | CC | bmontgom, eparis, nstielau, sponnaga | |
| errata-xmlrpc | 2022-08-30 16:02:35 UTC | Link ID | Red Hat Product Errata RHSA-2022:6224 | |
| Product Security DevOps Team | 2022-09-03 10:26:24 UTC | Resolution | --- | ERRATA |
| | | Status | NEW | CLOSED |
| | | Last Closed | 2022-09-03 10:26:24 UTC | |
| errata-xmlrpc | 2022-12-08 13:07:16 UTC | Link ID | Red Hat Product Errata RHSA-2022:8840 | |
| errata-xmlrpc | 2022-12-08 13:22:05 UTC | Link ID | Red Hat Product Errata RHSA-2022:8841 | |
| errata-xmlrpc | 2022-12-12 12:25:38 UTC | Link ID | Red Hat Product Errata RHSA-2022:8917 | |
| errata-xmlrpc | 2022-12-12 12:39:45 UTC | Link ID | Red Hat Product Errata RHSA-2022:8913 | |
| Eric Helms | 2023-08-09 16:03:36 UTC | Depends On | 2230555 | |