Skip to content

OpenSSL 1.1.1p
Compare
Choose a tag to compare
@philyuchkoff philyuchkoff released this 27 Jun 07:49
· 84 commits to master since this release
1.1.1p
f3e52fb
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Changes between 1.1.1o and 1.1.1p [21 Jun 2022]

  • In addition to the c_rehash shell command injection identified in
    CVE-2022-1292, further bugs where the c_rehash script does not
    properly sanitise shell metacharacters to prevent command injection have been
    fixed.

    When the CVE-2022-1292 was fixed it was not discovered that there
    are other places in the script where the file names of certificates
    being hashed were possibly passed to a command executed through the shell.

    This script is distributed by some operating systems in a manner where
    it is automatically executed. On such operating systems, an attacker
    could execute arbitrary commands with the privileges of the script.

    Use of the c_rehash script is considered obsolete and should be replaced
    by the OpenSSL rehash command line tool.
    (CVE-2022-2068)
    [Daniel Fiala, Tomáš Mráz]

  • When OpenSSL TLS client is connecting without any supported elliptic
    curves and TLS-1.3 protocol is disabled the connection will no longer fail
    if a ciphersuite that does not use a key exchange based on elliptic
    curves can be negotiated.
    [Tomáš Mráz]

Assets 3
Loading