Bug 1200550 – VUL-0: CVE-2022-2068: openssl,openssl1,openssl-1_1,openssl-1_0_0: more shell code injection issues in c_rehash

Bug 1200550 - (CVE-2022-2068) VUL-0: CVE-2022-2068: openssl,openssl1,openssl-1_1,openssl-1_0_0: more shell code injection issues in c_rehash

(CVE-2022-2068)
Summary:	VUL-0: CVE-2022-2068: openssl,openssl1,openssl-1_1,openssl-1_0_0: more shell ...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P2 - High Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/334635/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-2068:6.7:(AV:L...
Keywords:

Depends on:
Blocks:	1201283
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-06-15 07:37 UTC by Marcus Meissner
Modified:	2022-10-28 15:59 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
0001-Fix-file-operations-in-c_rehash.patch (7.49 KB, patch) 2022-06-17 06:57 UTC, Marcus Meissner	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 1 Marcus Meissner 2022-06-15 07:38:05 UTC

CRD: 2022-06-21

Comment 3 Marcus Meissner 2022-06-17 06:57:32 UTC

Created attachment 859651 [details]
0001-Fix-file-operations-in-c_rehash.patch

the 1.1.1 patch ... it is quite big unfotrunately.

Comment 4 Jason Sikes 2022-06-20 05:35:32 UTC

Submitted:

| Package:          | Project:               | Status:                   |
|-------------------+------------------------+---------------------------|
| openssl-3         | SUSE_SLE-15-SP4_Update | created request id 274470 |
| openssl-1_1       | SUSE_SLE-15-SP4_Update | created request id 274458 |
| openssl-1_1       | SUSE_SLE-15-SP2_Update | created request id 274471 |
| openssl-1_1       | SUSE_SLE-12-SP4_Update | created request id 274472 |
| openssl-1_1       | SUSE_SLE-15_Update     | created request id 274473 |
| openssl-1_1       | SUSE_SLE-15-SP1_Update | created request id 274474 |
| openssl-1_0_0     | SUSE_SLE-15_Update     | created request id 274475 |
| openssl-1_0_0     | SUSE_SLE-12-SP4_Update | created request id 274476 |
| openssl           | SUSE_SLE-12-SP2_Update | created request id 274477 |
| openssl1          | SUSE_SLE-11-SP3_Update | created request id 274478 |
| openssl           | SUSE_SLE-11-SP1_Update | created request id 274479 |
| compat-openssl098 | SUSE_SLE-12_Update     | created request id 274480 |

Comment 6 Marcus Meissner 2022-06-21 14:36:08 UTC

is public

https://www.openssl.org/news/secadv/20220621.txt

OpenSSL Security Advisory [21 June 2022]
========================================

The c_rehash script allows command injection (CVE-2022-2068)
============================================================

Severity: Moderate

In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection were
found by code review.

When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.

This script is distributed by some operating systems in a manner where
it is automatically executed.  On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.

Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.

This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.

OpenSSL 1.0.2 users should upgrade to 1.0.2zf (premium support customers only)
OpenSSL 1.1.1 users should upgrade to 1.1.1p
OpenSSL 3.0 users should upgrade to 3.0.4

This issue was reported to OpenSSL on the 20th May 2022.  It was found by
Chancen of Qingteng 73lab.  A further instance of the issue was found by
Daniel Fiala of OpenSSL during a code review of the script.  The fix for
these issues was developed by Daniel Fiala and Tomas Mraz from OpenSSL.

Note
====

OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended
support is available for premium support customers:
https://www.openssl.org/support/contracts.html

OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind.
The impact of these issues on OpenSSL 1.1.0 has not been analysed.

Users of these versions should upgrade to OpenSSL 3.0 or 1.1.1.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20220621.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html

Comment 7 Jason Sikes 2022-06-23 20:49:55 UTC

In Factory:

openssl-1_1:   created request id 984626
openssl-1_0_0: created request id 984758

openssl-3 is not building in Factory at the moment.

Comment 9 Swamp Workflow Management 2022-06-24 16:17:24 UTC

SUSE-SU-2022:2179-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1200550
CVE References: CVE-2022-2068
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    openssl-1_1-1.1.0i-150100.14.33.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    openssl-1_1-1.1.0i-150100.14.33.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    openssl-1_1-1.1.0i-150100.14.33.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    openssl-1_1-1.1.0i-150100.14.33.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    openssl-1_1-1.1.0i-150100.14.33.1
SUSE Enterprise Storage 6 (src):    openssl-1_1-1.1.0i-150100.14.33.1
SUSE CaaS Platform 4.0 (src):    openssl-1_1-1.1.0i-150100.14.33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 10 Swamp Workflow Management 2022-06-24 16:19:23 UTC

SUSE-SU-2022:2181-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1200550
CVE References: CVE-2022-2068
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    openssl-1_0_0-1.0.2p-3.56.1
SUSE OpenStack Cloud 9 (src):    openssl-1_0_0-1.0.2p-3.56.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    openssl-1_0_0-1.0.2p-3.56.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    openssl-1_0_0-1.0.2p-3.56.1
SUSE Linux Enterprise Server 12-SP5 (src):    openssl-1_0_0-1.0.2p-3.56.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    openssl-1_0_0-1.0.2p-3.56.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 11 Swamp Workflow Management 2022-06-24 16:26:07 UTC

SUSE-SU-2022:2180-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1200550
CVE References: CVE-2022-2068
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    openssl-1.0.2j-60.83.1
SUSE OpenStack Cloud 8 (src):    openssl-1.0.2j-60.83.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    openssl-1.0.2j-60.83.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    openssl-1.0.2j-60.83.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    openssl-1.0.2j-60.83.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    openssl-1.0.2j-60.83.1
HPE Helion Openstack 8 (src):    openssl-1.0.2j-60.83.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Swamp Workflow Management 2022-06-24 16:27:03 UTC

SUSE-SU-2022:2182-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1185637,1199166,1200550
CVE References: CVE-2022-1292,CVE-2022-2068
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    openssl-1_1-1.1.1d-2.66.1
SUSE OpenStack Cloud 9 (src):    openssl-1_1-1.1.1d-2.66.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    openssl-1_1-1.1.1d-2.66.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    openssl-1_1-1.1.1d-2.66.1
SUSE Linux Enterprise Server 12-SP5 (src):    openssl-1_1-1.1.1d-2.66.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    openssl-1_1-1.1.1d-2.66.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Swamp Workflow Management 2022-06-28 07:17:15 UTC

SUSE-SU-2022:2197-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1199166,1200550
CVE References: CVE-2022-1292,CVE-2022-2068
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP5 (src):    compat-openssl098-0.9.8j-106.36.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    compat-openssl098-0.9.8j-106.36.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    compat-openssl098-0.9.8j-106.36.1
SUSE Linux Enterprise Module for Legacy Software 12 (src):    compat-openssl098-0.9.8j-106.36.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 15 Swamp Workflow Management 2022-07-04 13:18:41 UTC

SUSE-SU-2022:2251-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1185637,1199166,1200550
CVE References: CVE-2022-1292,CVE-2022-2068
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Manager Server 4.1 (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Manager Retail Branch Server 4.1 (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Manager Proxy 4.1 (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Linux Enterprise Micro 5.2 (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Linux Enterprise Micro 5.1 (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    openssl-1_1-1.1.1d-150200.11.48.1
SUSE Enterprise Storage 7 (src):    openssl-1_1-1.1.1d-150200.11.48.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 16 Swamp Workflow Management 2022-07-06 16:19:01 UTC

SUSE-SU-2022:2308-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1185637,1199166,1200550,1201099
CVE References: CVE-2022-1292,CVE-2022-2068,CVE-2022-2097
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    openssl-1_1-1.1.1l-150400.7.7.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    openssl-1_1-1.1.1l-150400.7.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Swamp Workflow Management 2022-07-06 16:33:08 UTC

SUSE-SU-2022:2306-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1185637,1199166,1199167,1199168,1199169,1200550,1201099
CVE References: CVE-2022-1292,CVE-2022-1343,CVE-2022-1434,CVE-2022-1473,CVE-2022-2068,CVE-2022-2097
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    openssl-3-3.0.1-150400.4.7.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    openssl-3-3.0.1-150400.4.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Swamp Workflow Management 2022-07-06 16:33:50 UTC

SUSE-SU-2022:2309-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1200550,1201099
CVE References: CVE-2022-2068,CVE-2022-2097
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    openssl-1_1-1.1.0i-150000.4.74.1
SUSE Linux Enterprise Server 15-LTSS (src):    openssl-1_1-1.1.0i-150000.4.74.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    openssl-1_1-1.1.0i-150000.4.74.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    openssl-1_1-1.1.0i-150000.4.74.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 19 Swamp Workflow Management 2022-07-07 13:18:50 UTC

SUSE-SU-2022:2321-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1199166,1200550
CVE References: CVE-2022-1292,CVE-2022-2068
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
openSUSE Leap 15.3 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Manager Server 4.1 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Manager Retail Branch Server 4.1 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Manager Proxy 4.1 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Server for SAP 15 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Server 15-LTSS (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Enterprise Storage 7 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE Enterprise Storage 6 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1
SUSE CaaS Platform 4.0 (src):    openssl-1_0_0-1.0.2p-150000.3.56.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 20 Jason Sikes 2022-07-11 10:51:26 UTC

Complete. Reassigning to Security Team

Comment 21 Marcus Meissner 2022-08-31 07:52:03 UTC

done

Comment 22 Swamp Workflow Management 2022-09-01 15:17:14 UTC

SUSE-SU-2022:2251-2: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1185637,1199166,1200550
CVE References: CVE-2022-1292,CVE-2022-2068
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    openssl-1_1-1.1.1d-150200.11.48.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.