[USN-5488-1] OpenSSL vulnerability

Severity Medium

Affected Packages 19

CVEs 1

OpenSSL could be made to crash or run programs when the c_rehash script is used.

Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the
c_rehash script. A local attacker could possibly use this issue to execute
arbitrary commands when c_rehash is run.

Package	Affected Version
pkg:deb/ubuntu/openssl?distro=jammy	< 3.0.2-0ubuntu1.5
pkg:deb/ubuntu/openssl?distro=impish	< 1.1.1l-1ubuntu1.5
pkg:deb/ubuntu/openssl?distro=focal	< 1.1.1f-1ubuntu2.15
pkg:deb/ubuntu/openssl?distro=bionic	< 1.1.1-1ubuntu2.1~18.04.19
pkg:deb/ubuntu/openssl1.0?distro=bionic	< 1.0.2n-1ubuntu5.10
pkg:deb/ubuntu/libssl3?distro=jammy	< 3.0.2-0ubuntu1.5
pkg:deb/ubuntu/libssl1.1?distro=impish	< 1.1.1l-1ubuntu1.5
pkg:deb/ubuntu/libssl1.1?distro=focal	< 1.1.1f-1ubuntu2.15
pkg:deb/ubuntu/libssl1.1?distro=bionic	< 1.1.1-1ubuntu2.1~18.04.19
pkg:deb/ubuntu/libssl1.0.0?distro=bionic	< 1.0.2n-1ubuntu5.10
pkg:deb/ubuntu/libssl1.0-dev?distro=bionic	< 1.0.2n-1ubuntu5.10
pkg:deb/ubuntu/libssl-doc?distro=jammy	< 3.0.2-0ubuntu1.5
pkg:deb/ubuntu/libssl-doc?distro=impish	< 1.1.1l-1ubuntu1.5
pkg:deb/ubuntu/libssl-doc?distro=focal	< 1.1.1f-1ubuntu2.15
pkg:deb/ubuntu/libssl-doc?distro=bionic	< 1.1.1-1ubuntu2.1~18.04.19
pkg:deb/ubuntu/libssl-dev?distro=jammy	< 3.0.2-0ubuntu1.5
pkg:deb/ubuntu/libssl-dev?distro=impish	< 1.1.1l-1ubuntu1.5
pkg:deb/ubuntu/libssl-dev?distro=focal	< 1.1.1f-1ubuntu2.15
pkg:deb/ubuntu/libssl-dev?distro=bionic	< 1.1.1-1ubuntu2.1~18.04.19

ID

USN-5488-1

Severity

medium

URL

https://ubuntu.com/security/notices/USN-5488-1

Published

2022-06-21T14:36:21
(2 years ago)

Modified

2022-06-21T14:36:21
(2 years ago)

Other Advisories

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:deb/ubuntu/openssl?distro=jammy	ubuntu	openssl	< 3.0.2-0ubuntu1.5	jammy
Affected	pkg:deb/ubuntu/openssl?distro=impish	ubuntu	openssl	< 1.1.1l-1ubuntu1.5	impish
Affected	pkg:deb/ubuntu/openssl?distro=focal	ubuntu	openssl	< 1.1.1f-1ubuntu2.15	focal
Affected	pkg:deb/ubuntu/openssl?distro=bionic	ubuntu	openssl	< 1.1.1-1ubuntu2.1~18.04.19	bionic
Affected	pkg:deb/ubuntu/openssl1.0?distro=bionic	ubuntu	openssl1.0	< 1.0.2n-1ubuntu5.10	bionic
Affected	pkg:deb/ubuntu/libssl3?distro=jammy	ubuntu	libssl3	< 3.0.2-0ubuntu1.5	jammy
Affected	pkg:deb/ubuntu/libssl1.1?distro=impish	ubuntu	libssl1.1	< 1.1.1l-1ubuntu1.5	impish
Affected	pkg:deb/ubuntu/libssl1.1?distro=focal	ubuntu	libssl1.1	< 1.1.1f-1ubuntu2.15	focal
Affected	pkg:deb/ubuntu/libssl1.1?distro=bionic	ubuntu	libssl1.1	< 1.1.1-1ubuntu2.1~18.04.19	bionic
Affected	pkg:deb/ubuntu/libssl1.0.0?distro=bionic	ubuntu	libssl1.0.0	< 1.0.2n-1ubuntu5.10	bionic
Affected	pkg:deb/ubuntu/libssl1.0-dev?distro=bionic	ubuntu	libssl1.0-dev	< 1.0.2n-1ubuntu5.10	bionic
Affected	pkg:deb/ubuntu/libssl-doc?distro=jammy	ubuntu	libssl-doc	< 3.0.2-0ubuntu1.5	jammy
Affected	pkg:deb/ubuntu/libssl-doc?distro=impish	ubuntu	libssl-doc	< 1.1.1l-1ubuntu1.5	impish
Affected	pkg:deb/ubuntu/libssl-doc?distro=focal	ubuntu	libssl-doc	< 1.1.1f-1ubuntu2.15	focal
Affected	pkg:deb/ubuntu/libssl-doc?distro=bionic	ubuntu	libssl-doc	< 1.1.1-1ubuntu2.1~18.04.19	bionic
Affected	pkg:deb/ubuntu/libssl-dev?distro=jammy	ubuntu	libssl-dev	< 3.0.2-0ubuntu1.5	jammy
Affected	pkg:deb/ubuntu/libssl-dev?distro=impish	ubuntu	libssl-dev	< 1.1.1l-1ubuntu1.5	impish
Affected	pkg:deb/ubuntu/libssl-dev?distro=focal	ubuntu	libssl-dev	< 1.1.1f-1ubuntu2.15	focal
Affected	pkg:deb/ubuntu/libssl-dev?distro=bionic	ubuntu	libssl-dev	< 1.1.1-1ubuntu2.1~18.04.19	bionic

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date