[CLSA-2022:1657814965] Fix CVE(s): CVE-2022-1473, CVE-2022-1292, CVE-2022-2068

Type:

security

Severity:

Critical

Release date:

2022-07-14 16:09:25 UTC

Description:

   * SECURITY REGRESSION: Invalid fix for CVE-2022-1473
     - debian/patches/CVE-2022-1473.patch: removing unnecessary patch since
       this version is actually not affected
   * SECURITY UPDATE: c_rehash script allows command injection
     - debian/patches/CVE-2022-1292.patch: switch to upstream patch, and
       apply it before c_rehash-compat.patch
     - debian/patches/CVE-2022-2068.patch: fix file operations in
       tools/c_rehash.in
     - debian/patches/c_rehash-compat.patch: updated patch to apply after
       the security updates
     - CVE-2022-2068

Updated packages:

libssl-dev_1.0.2g-1ubuntu4.21+tuxcare.els4_amd64.deb
sha:5c7873740644dc254a9aa6949e9d5217ac3610dc
libssl-doc_1.0.2g-1ubuntu4.21+tuxcare.els4_all.deb
sha:632d084d1af09a5d5e40c346432e3895014be9e2
libssl1.0.0_1.0.2g-1ubuntu4.21+tuxcare.els4_amd64.deb
sha:73aa0ab92d76dc352ddf93ee3bc3ec97bde0d624
openssl_1.0.2g-1ubuntu4.21+tuxcare.els4_amd64.deb
sha:bd9fe94aefb03dfeb07ecaa1f6620a6c1ac03751

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.