{"id":"CLSA-2024-1719925589","summary":"openssl: Fix of 2 CVEs","details":"- CVE-2022-1292: c_rehash: Do not use shell to invoke openssl to prevent\n  command injection\n- CVE-2022-2068: c_rehash: Fix file operations to prevent command injection\n- Update expired smime certificates\n- Add testing using old certificates (sha1) to have both types of\n  certificates (sha1, sha256) checked with S/MIME","modified":"2026-05-27T11:18:22.707466482Z","published":"2024-07-02T13:06:32Z","upstream":["CVE-2022-1292","CVE-2022-2068"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/centos7-els/CLSA-2024-1719925589.html"}],"affected":[{"package":{"name":"openssl","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/openssl?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.0.2k-26.el7_9.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1719925589.json"}},{"package":{"name":"openssl-devel","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/openssl-devel?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.0.2k-26.el7_9.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1719925589.json"}},{"package":{"name":"openssl-libs","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/openssl-libs?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.0.2k-26.el7_9.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1719925589.json"}},{"package":{"name":"openssl-perl","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/openssl-perl?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.0.2k-26.el7_9.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1719925589.json"}},{"package":{"name":"openssl-static","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/openssl-static?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.0.2k-26.el7_9.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1719925589.json"}}],"schema_version":"1.7.5"}