git.ipfire.org Git - ipfire-2.x.git/commit

author	Adolf Belka <adolf.belka@ipfire.org>
	Wed, 4 May 2022 10:59:48 +0000 (12:59 +0200)
committer	Peter Müller <peter.mueller@ipfire.org>
	Thu, 5 May 2022 14:18:34 +0000 (14:18 +0000)
commit	a694737a131fccbc791ab70693a0da8b1c5d550b
tree	6c5f6c4f01e5878ff8731d43a30404f4001970f4	tree \| snapshot
parent	d97295c680de05d7528471077115a46f3a48f600	commit \| diff

openssl: Update to version 1.1.1o

- Update from version 1.1.1n to 1.1.1o
- Update of rootfile not required
- This patch is to go into CU168 as this update is for fixing a moderate severity CVE
- Changelog
   1.1.1o [3 May 2022]
    (CVE-2022-1292)
    Fixed a bug in the c_rehash script which was not properly sanitising shell
    metacharacters to prevent command injection.  This script is distributed by
    some operating systems in a manner where it is automatically executed.  On
    such operating systems, an attacker could execute arbitrary commands with the
    privileges of the script.
    Use of the c_rehash script is considered obsolete and should be replaced
    by the OpenSSL rehash command line tool.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>