Bug 1232 - [CVE] CVE-2022-1292 for openssl
Summary: [CVE] CVE-2022-1292 for openssl
Status: CONFIRMED
Alias: None
Product: Anolis OS 8
Classification: Anolis OS
Component: BaseOS Packages
Version: 8.5
Hardware: All Linux
Importance: P3-Medium S3-normal
Target Milestone: ---
Assignee: tj
QA Contact: shuming
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-05-17 10:24 UTC by wb-zh951434
Modified: 2024-01-24 15:47 UTC

See Also:


Attachments
openssl list (107.51 KB, image/jpeg)
2022-05-17 10:29 UTC, wb-zh951434

Description wb-zh951434 alibaba_cloud_group 2022-05-17 10:24:01 UTC
Description of problem:

CVE:
https://access.redhat.com/security/cve/CVE-2022-1292

Related patch:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 tj alibaba_cloud_group 2022-05-17 10:51:25 UTC
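As far as I know, no service currently calls the c_rehash script directly. Although there is a command injection, there is little room to exploit it and the overall impact is small, so a routine fix is sufficient.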