Bug 1199166 – VUL-0: CVE-2022-1292: openssl,openssl-1_0_0,openssl1,openssl-3,compat-openssl098,openssl-1_1: command injection in c_rehash

Bug 1199166 - (CVE-2022-1292) VUL-0: CVE-2022-1292: openssl,openssl-1_0_0,openssl1,openssl-3,compat-openssl098,openssl-1_1: command injection in c_rehash

(CVE-2022-1292)
Summary:	VUL-0: CVE-2022-1292: openssl,openssl-1_0_0,openssl1,openssl-3,compat-openssl...

Status:	IN_PROGRESS

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/330566/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-1292:6.7:(AV:L...
Keywords:

Depends on:
Blocks:	1199336
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-05-03 15:14 UTC by Marcus Meissner
Modified:	2023-03-17 14:45 UTC (History)
CC List:	11 users (show)

See Also:	1199844
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2022-05-03 15:14:17 UTC

CVE-2022-1292

https://www.openssl.org/news/secadv/20220503.txt

The c_rehash script allows command injection (CVE-2022-1292)
============================================================

Severity: Moderate

The c_rehash script does not properly sanitise shell metacharacters to
prevent command injection.  This script is distributed by some operating
systems in a manner where it is automatically executed.  On such operating
systems, an attacker could execute arbitrary commands with the privileges
of the script.

Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.

This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.

OpenSSL 1.0.2 users should upgrade to 1.0.2ze (premium support customers only)
OpenSSL 1.1.1 users should upgrade to 1.1.1o
OpenSSL 3.0 users should upgrade to 3.0.3

This issue was reported to OpenSSL on the 2nd April 2022.  It was found by
Elison Niven of Sophos.  The fix was developed by Tomas Mraz from OpenSSL.

Comment 1 Marcus Meissner 2022-05-03 15:14:32 UTC

(as the script has not changed much, likely also all older affected)

Comment 2 Marcus Meissner 2022-05-24 08:27:29 UTC

ping? no submisison yet

Comment 5 Jason Sikes 2022-06-01 11:54:01 UTC

I have a fix in most of our code streams. However, they are now failing to build because of bsc#1185637.

Upstream is working on the fix right for bsc#1185637 now.

Comment 8 Jason Sikes 2022-06-03 13:03:57 UTC

There are two code streams that are having issues. @pgajdos gave me some pointers to deal with them so this is still being worked on. Here are the submission I have made so far:

| Path                                 | Status                    |
|--------------------------------------+---------------------------|
| SUSE:SLE-15-SP4:Update/openssl-3     | created request id 273505 |
| SUSE:SLE-15-SP4:Update/openssl-1_1   | created request id 273506 |
| openssl-1_1.SUSE_SLE-15-SP2_Update   |                           |
| openssl-1_1.SUSE_SLE-12-SP4_Update   |                           |
| openssl-1_1.SUSE_SLE-15_Update       | created request id 273521 |
| openssl-1_1.SUSE_SLE-15-SP1_Update   | created request id 273522 |
| openssl-1_0_0.SUSE_SLE-15_Update     | created request id 273523 |
| openssl-1_0_0.SUSE_SLE-12-SP4_Update | created request id 273524 |
| openssl.SUSE_SLE-12-SP2_Update       | created request id 273525 |
| openssl1.SUSE_SLE-11-SP3_Update      | created request id 273526 |
| openssl.SUSE_SLE-11-SP1_Update       | created request id 273527 |
| compat-openssl098.SUSE_SLE-12_Update | created request id 273528 |

Comment 9 OBSbugzilla Bot 2022-06-07 08:40:04 UTC

This is an autogenerated message for OBS integration:
This bug (1199166) was mentioned in
https://build.opensuse.org/request/show/981089 Factory / openssl-1_1

Comment 12 Jason Sikes 2022-06-09 10:54:36 UTC

Fixed the two problem streams:

| openssl-1_1.SUSE_SLE-15-SP2_Update   | created request id 273928 |
| openssl-1_1.SUSE_SLE-12-SP4_Update   | created request id 273929 |

Comment 14 Jason Sikes 2022-06-09 17:43:27 UTC

By suggestion from João Silva, I have updated these streams:

| openssl-1_0_0.SUSE_SLE-15_Update     |  created request id 273977 |
| openssl-1_0_0.SUSE_SLE-12-SP4_Update |  created request id 273978 |
| openssl.SUSE_SLE-12-SP2_Update       |  created request id 273979 |
| openssl1.SUSE_SLE-11-SP3_Update      |  created request id 273980 |
| openssl.SUSE_SLE-11-SP1_Update       |  created request id 273981 |
| compat-openssl098.SUSE_SLE-12_Update |  created request id 273982 |

Comment 16 Swamp Workflow Management 2022-06-14 13:20:32 UTC

SUSE-SU-2022:2068-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1185637,1199166
CVE References: CVE-2022-1292
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    openssl-1_1-1.1.0i-150100.14.30.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    openssl-1_1-1.1.0i-150100.14.30.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    openssl-1_1-1.1.0i-150100.14.30.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    openssl-1_1-1.1.0i-150100.14.30.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    openssl-1_1-1.1.0i-150100.14.30.1
SUSE Enterprise Storage 6 (src):    openssl-1_1-1.1.0i-150100.14.30.1
SUSE CaaS Platform 4.0 (src):    openssl-1_1-1.1.0i-150100.14.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Swamp Workflow Management 2022-06-14 13:21:13 UTC

SUSE-SU-2022:2075-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1185637,1199166
CVE References: CVE-2022-1292
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    openssl-1_1-1.1.0i-150000.4.69.1
SUSE Linux Enterprise Server 15-LTSS (src):    openssl-1_1-1.1.0i-150000.4.69.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    openssl-1_1-1.1.0i-150000.4.69.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    openssl-1_1-1.1.0i-150000.4.69.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Swamp Workflow Management 2022-06-16 13:15:35 UTC

SUSE-SU-2022:2098-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1199166
CVE References: CVE-2022-1292
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    openssl-1.0.2j-60.80.1
SUSE OpenStack Cloud 8 (src):    openssl-1.0.2j-60.80.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    openssl-1.0.2j-60.80.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    openssl-1.0.2j-60.80.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    openssl-1.0.2j-60.80.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    openssl-1.0.2j-60.80.1
HPE Helion Openstack 8 (src):    openssl-1.0.2j-60.80.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 19 Swamp Workflow Management 2022-06-16 19:31:05 UTC

SUSE-SU-2022:2106-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1199166
CVE References: CVE-2022-1292
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    openssl-1_0_0-1.0.2p-3.53.1
SUSE OpenStack Cloud 9 (src):    openssl-1_0_0-1.0.2p-3.53.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    openssl-1_0_0-1.0.2p-3.53.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    openssl-1_0_0-1.0.2p-3.53.1
SUSE Linux Enterprise Server 12-SP5 (src):    openssl-1_0_0-1.0.2p-3.53.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    openssl-1_0_0-1.0.2p-3.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 21 Jason Sikes 2022-06-22 03:00:48 UTC

Complete. Assigning to Security Team.

Comment 23 Swamp Workflow Management 2022-06-24 16:26:58 UTC

SUSE-SU-2022:2182-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1185637,1199166,1200550
CVE References: CVE-2022-1292,CVE-2022-2068
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    openssl-1_1-1.1.1d-2.66.1
SUSE OpenStack Cloud 9 (src):    openssl-1_1-1.1.1d-2.66.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    openssl-1_1-1.1.1d-2.66.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    openssl-1_1-1.1.1d-2.66.1
SUSE Linux Enterprise Server 12-SP5 (src):    openssl-1_1-1.1.1d-2.66.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    openssl-1_1-1.1.1d-2.66.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Swamp Workflow Management 2022-06-28 07:17:11 UTC

SUSE-SU-2022:2197-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1199166,1200550
CVE References: CVE-2022-1292,CVE-2022-2068
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP5 (src):    compat-openssl098-0.9.8j-106.36.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    compat-openssl098-0.9.8j-106.36.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    compat-openssl098-0.9.8j-106.36.1
SUSE Linux Enterprise Module for Legacy Software 12 (src):    compat-openssl098-0.9.8j-106.36.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 26 Swamp Workflow Management 2022-07-04 13:18:36 UTC

SUSE-SU-2022:2251-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1185637,1199166,1200550
CVE References: CVE-2022-1292,CVE-2022-2068
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Manager Server 4.1 (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Manager Retail Branch Server 4.1 (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Manager Proxy 4.1 (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Linux Enterprise Micro 5.2 (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Linux Enterprise Micro 5.1 (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Enterprise Storage 7 (src):    openssl-1_1-1.1.1d-150200.11.48.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Swamp Workflow Management 2022-07-06 16:18:56 UTC

SUSE-SU-2022:2308-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1185637,1199166,1200550,1201099
CVE References: CVE-2022-1292,CVE-2022-2068,CVE-2022-2097
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    openssl-1_1-1.1.1l-150400.7.7.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    openssl-1_1-1.1.1l-150400.7.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Swamp Workflow Management 2022-07-06 16:32:51 UTC

SUSE-SU-2022:2306-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1185637,1199166,1199167,1199168,1199169,1200550,1201099
CVE References: CVE-2022-1292,CVE-2022-1343,CVE-2022-1434,CVE-2022-1473,CVE-2022-2068,CVE-2022-2097
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    openssl-3-3.0.1-150400.4.7.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    openssl-3-3.0.1-150400.4.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 29 Swamp Workflow Management 2022-07-07 13:18:45 UTC

SUSE-SU-2022:2321-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1199166,1200550
CVE References: CVE-2022-1292,CVE-2022-2068
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
openSUSE Leap 15.3 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Manager Server 4.1 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Manager Retail Branch Server 4.1 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Manager Proxy 4.1 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Server for SAP 15 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Server 15-LTSS (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Enterprise Storage 7 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Enterprise Storage 6 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE CaaS Platform 4.0 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Pedro Monreal Gonzalez 2022-07-25 10:27:55 UTC

Update to OpenSSL 3.0.5, accepted Factory submission:
 * https://build.opensuse.org/request/show/990536

Comment 31 Swamp Workflow Management 2022-09-01 15:17:08 UTC

SUSE-SU-2022:2251-2: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1185637,1199166,1200550
CVE References: CVE-2022-1292,CVE-2022-2068
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    openssl-1_1-1.1.1d-150200.11.48.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.