Security update for openssl SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:2180-1 Final 1 1 2022-06-24T12:28:08Z current 2022-06-24T12:28:08Z 2022-06-24T12:28:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openssl This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sles12sp3:latest-2022-2180,HPE-Helion-OpenStack-8-2022-2180,SUSE-2022-2180,SUSE-OpenStack-Cloud-8-2022-2180,SUSE-OpenStack-Cloud-Crowbar-8-2022-2180,SUSE-SLE-SAP-12-SP3-2022-2180,SUSE-SLE-SERVER-12-SP2-BCL-2022-2180,SUSE-SLE-SERVER-12-SP3-2022-2180,SUSE-SLE-SERVER-12-SP3-BCL-2022-2180 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20222180-1/ Link for SUSE-SU-2022:2180-1 https://lists.suse.com/pipermail/sle-security-updates/2022-June/011354.html E-Mail link for SUSE-SU-2022:2180-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1200550 SUSE Bug 1200550 https://www.suse.com/security/cve/CVE-2022-2068/ SUSE CVE CVE-2022-2068 page Container suse/sles12sp3:latest HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 libopenssl1_0_0-1.0.2j-60.83.1 openssl-1.0.2j-60.83.1 libopenssl-devel-1.0.2j-60.83.1 libopenssl1_0_0-32bit-1.0.2j-60.83.1 libopenssl1_0_0-hmac-1.0.2j-60.83.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 openssl-doc-1.0.2j-60.83.1 libopenssl-devel-32bit-1.0.2j-60.83.1 libopenssl-devel-64bit-1.0.2j-60.83.1 libopenssl1_0_0-64bit-1.0.2j-60.83.1 libopenssl1_0_0-hmac-64bit-1.0.2j-60.83.1 openssl-cavs-1.0.2j-60.83.1 libopenssl1_0_0-1.0.2j-60.83.1 as a component of Container suse/sles12sp3:latest openssl-1.0.2j-60.83.1 as a component of Container suse/sles12sp3:latest libopenssl-devel-1.0.2j-60.83.1 as a component of HPE Helion OpenStack 8 libopenssl1_0_0-1.0.2j-60.83.1 as a component of HPE Helion OpenStack 8 libopenssl1_0_0-32bit-1.0.2j-60.83.1 as a component of HPE Helion OpenStack 8 libopenssl1_0_0-hmac-1.0.2j-60.83.1 as a component of HPE Helion OpenStack 8 libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 as a component of HPE Helion OpenStack 8 openssl-1.0.2j-60.83.1 as a component of HPE Helion OpenStack 8 openssl-doc-1.0.2j-60.83.1 as a component of HPE Helion OpenStack 8 libopenssl-devel-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libopenssl1_0_0-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libopenssl1_0_0-32bit-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libopenssl1_0_0-hmac-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL openssl-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL openssl-doc-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libopenssl-devel-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libopenssl1_0_0-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libopenssl1_0_0-32bit-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libopenssl1_0_0-hmac-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL openssl-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL openssl-doc-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libopenssl-devel-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS libopenssl1_0_0-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS libopenssl1_0_0-32bit-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS libopenssl1_0_0-hmac-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS openssl-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS openssl-doc-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS libopenssl-devel-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libopenssl1_0_0-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libopenssl1_0_0-32bit-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libopenssl1_0_0-hmac-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 openssl-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 openssl-doc-1.0.2j-60.83.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libopenssl-devel-1.0.2j-60.83.1 as a component of SUSE OpenStack Cloud 8 libopenssl1_0_0-1.0.2j-60.83.1 as a component of SUSE OpenStack Cloud 8 libopenssl1_0_0-32bit-1.0.2j-60.83.1 as a component of SUSE OpenStack Cloud 8 libopenssl1_0_0-hmac-1.0.2j-60.83.1 as a component of SUSE OpenStack Cloud 8 libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 as a component of SUSE OpenStack Cloud 8 openssl-1.0.2j-60.83.1 as a component of SUSE OpenStack Cloud 8 openssl-doc-1.0.2j-60.83.1 as a component of SUSE OpenStack Cloud 8 libopenssl-devel-1.0.2j-60.83.1 as a component of SUSE OpenStack Cloud Crowbar 8 libopenssl1_0_0-1.0.2j-60.83.1 as a component of SUSE OpenStack Cloud Crowbar 8 libopenssl1_0_0-32bit-1.0.2j-60.83.1 as a component of SUSE OpenStack Cloud Crowbar 8 libopenssl1_0_0-hmac-1.0.2j-60.83.1 as a component of SUSE OpenStack Cloud Crowbar 8 libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 as a component of SUSE OpenStack Cloud Crowbar 8 openssl-1.0.2j-60.83.1 as a component of SUSE OpenStack Cloud Crowbar 8 openssl-doc-1.0.2j-60.83.1 as a component of SUSE OpenStack Cloud Crowbar 8 In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). CVE-2022-2068 Container suse/sles12sp3:latest:libopenssl1_0_0-1.0.2j-60.83.1 Container suse/sles12sp3:latest:openssl-1.0.2j-60.83.1 HPE Helion OpenStack 8:libopenssl-devel-1.0.2j-60.83.1 HPE Helion OpenStack 8:libopenssl1_0_0-1.0.2j-60.83.1 HPE Helion OpenStack 8:libopenssl1_0_0-32bit-1.0.2j-60.83.1 HPE Helion OpenStack 8:libopenssl1_0_0-hmac-1.0.2j-60.83.1 HPE Helion OpenStack 8:libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 HPE Helion OpenStack 8:openssl-1.0.2j-60.83.1 HPE Helion OpenStack 8:openssl-doc-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl-devel-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-32bit-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP2-BCL:libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP2-BCL:openssl-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP2-BCL:openssl-doc-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP3-BCL:libopenssl-devel-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP3-BCL:libopenssl1_0_0-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP3-BCL:libopenssl1_0_0-32bit-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP3-BCL:libopenssl1_0_0-hmac-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP3-BCL:libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP3-BCL:openssl-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP3-BCL:openssl-doc-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP3-LTSS:libopenssl-devel-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP3-LTSS:libopenssl1_0_0-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP3-LTSS:libopenssl1_0_0-32bit-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP3-LTSS:libopenssl1_0_0-hmac-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP3-LTSS:libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP3-LTSS:openssl-1.0.2j-60.83.1 SUSE Linux Enterprise Server 12 SP3-LTSS:openssl-doc-1.0.2j-60.83.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl-devel-1.0.2j-60.83.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-1.0.2j-60.83.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-32bit-1.0.2j-60.83.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-1.0.2j-60.83.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-1.0.2j-60.83.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:openssl-doc-1.0.2j-60.83.1 SUSE OpenStack Cloud 8:libopenssl-devel-1.0.2j-60.83.1 SUSE OpenStack Cloud 8:libopenssl1_0_0-1.0.2j-60.83.1 SUSE OpenStack Cloud 8:libopenssl1_0_0-32bit-1.0.2j-60.83.1 SUSE OpenStack Cloud 8:libopenssl1_0_0-hmac-1.0.2j-60.83.1 SUSE OpenStack Cloud 8:libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 SUSE OpenStack Cloud 8:openssl-1.0.2j-60.83.1 SUSE OpenStack Cloud 8:openssl-doc-1.0.2j-60.83.1 SUSE OpenStack Cloud Crowbar 8:libopenssl-devel-1.0.2j-60.83.1 SUSE OpenStack Cloud Crowbar 8:libopenssl1_0_0-1.0.2j-60.83.1 SUSE OpenStack Cloud Crowbar 8:libopenssl1_0_0-32bit-1.0.2j-60.83.1 SUSE OpenStack Cloud Crowbar 8:libopenssl1_0_0-hmac-1.0.2j-60.83.1 SUSE OpenStack Cloud Crowbar 8:libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 SUSE OpenStack Cloud Crowbar 8:openssl-1.0.2j-60.83.1 SUSE OpenStack Cloud Crowbar 8:openssl-doc-1.0.2j-60.83.1 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222180-1/ https://www.suse.com/security/cve/CVE-2022-2068.html CVE-2022-2068 https://bugzilla.suse.com/1200550 SUSE Bug 1200550 https://bugzilla.suse.com/1207568 SUSE Bug 1207568 https://bugzilla.suse.com/1225628 SUSE Bug 1225628