Test ID:	1.3.6.1.4.1.25623.1.1.13.2022.174.01
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2022-174-01)
Summary:	The remote host is missing an update for the 'openssl' package(s) announced via the SSA:2022-174-01 advisory.
Description:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the SSA:2022-174-01 advisory. Vulnerability Insight: New openssl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/openssl-1.1.1p-i586-1_slack15.0.txz: Upgraded. In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. For more information, see: [links moved to references] (* Security fix *) patches/packages/openssl-solibs-1.1.1p-i586-1_slack15.0.txz: Upgraded. +--------------------------+ Affected Software/OS: 'openssl' package(s) on Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware 15.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-1292 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011 https://security.netapp.com/advisory/ntap-20220602-0009/ https://www.openssl.org/news/secadv/20220503.txt Debian Security Information: DSA-5139 (Google Search) https://www.debian.org/security/2022/dsa-5139 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/ https://security.gentoo.org/glsa/202210-02 https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf https://www.oracle.com/security-alerts/cpujul2022.html https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html Common Vulnerability Exposure (CVE) ID: CVE-2022-2068 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7 https://www.openssl.org/news/secadv/20220621.txt Debian Security Information: DSA-5169 (Google Search) https://www.debian.org/security/2022/dsa-5169 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.