author Andre Heider <a.heider@gmail.com> 2022-06-23 09:08:07 +0200
committer Hauke Mehrtens <hauke@hauke-m.de> 2022-07-04 23:03:09 +0200
commit eb7d2abbf06f0a3fe700df5dc6b57ee90016f1f1
tree c0fc56c48f56bdf087e87ddc76486f43f4f5a01f /toolchain
parent 341121edd49428acb992ce34b27e51454ca904cf
openssl: bump to 1.1.1p
Changes between 1.1.1o and 1.1.1p [21 Jun 2022]

  *) In addition to the c_rehash shell command injection identified in
     CVE-2022-1292, further bugs where the c_rehash script does not
     properly sanitise shell metacharacters to prevent command injection
     have been fixed.

     When the CVE-2022-1292 was fixed it was not discovered that there
     are other places in the script where the file names of certificates
     being hashed were possibly passed to a command executed through the
     shell.

     This script is distributed by some operating systems in a manner
     where it is automatically executed. On such operating systems, an
     attacker could execute arbitrary commands with the privileges of the
     script.

     Use of the c_rehash script is considered obsolete and should be
     replaced by the OpenSSL rehash command line tool.
     (CVE-2022-2068)
     [Daniel Fiala, Tomáš Mráz]

  *) When OpenSSL TLS client is connecting without any supported elliptic
     curves and TLS-1.3 protocol is disabled the connection will no longer
     fail if a ciphersuite that does not use a key exchange based on
     elliptic curves can be negotiated.
     [Tomáš Mráz]

Signed-off-by: Andre Heider <a.heider@gmail.com>
Diffstat (limited to 'toolchain')
0 files changed, 0 insertions, 0 deletions
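
The changelog entry above concerns certificate file names reaching a command run through the shell. The following is an added example, not code from this commit or from OpenSSL: it audits a certificate directory for file names outside a conservative allow-list and builds the hash command as an argument list so no shell ever parses the name. The suffix list, the allow-list pattern, the function names and the sample file names are assumptions made for illustration.

```python
import os
import re
import subprocess
import tempfile

# Assumption: the suffixes a rehash-style tool picks up in a certificate directory.
CERT_SUFFIXES = (".pem", ".crt", ".cer", ".crl")
# Allow-list: anything outside it (spaces, quotes, $, ;, backticks, ...) is reported.
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._+-]*")


def audit_cert_dir(path):
    """Return the sorted certificate file names that fall outside the allow-list."""
    return sorted(
        name for name in os.listdir(path)
        if name.lower().endswith(CERT_SUFFIXES) and not SAFE_NAME.fullmatch(name)
    )


def hash_argv(cert_path):
    """Build the argv for a subject-hash lookup; the path stays one argument."""
    return ["openssl", "x509", "-subject_hash", "-noout", "-in", cert_path]


def subject_hash(cert_path):
    """Run openssl without a shell, so the file name is never parsed as shell syntax."""
    result = subprocess.run(hash_argv(cert_path), capture_output=True, text=True, check=True)
    return result.stdout.strip()


def demo():
    """Audit a throwaway directory holding constructed sample file names."""
    names = ["ca.pem", "site-1_prod.crt", "odd name.pem", "a$b.crt", "quote'd.pem", "notes.txt"]
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            open(os.path.join(tmp, name), "w").close()
        return audit_cert_dir(tmp)


if __name__ == "__main__":
    print(demo())
```

`subject_hash` needs an `openssl` binary on the PATH; the audit itself runs without one.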