mirror of
https://git.openwrt.org/openwrt/openwrt.git
synced 2024-10-19 14:08:17 +02:00
eb7d2abbf0
Changes between 1.1.1o and 1.1.1p [21 Jun 2022] *) In addition to the c_rehash shell command injection identified in CVE-2022-1292, further bugs where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection have been fixed. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. (CVE-2022-2068) [Daniel Fiala, Tomáš Mráz] *) When OpenSSL TLS client is connecting without any supported elliptic curves and TLS-1.3 protocol is disabled the connection will no longer fail if a ciphersuite that does not use a key exchange based on elliptic curves can be negotiated. [Tomáš Mráz] Signed-off-by: Andre Heider <a.heider@gmail.com> |
||
---|---|---|
.. | ||
argp-standalone | ||
elfutils | ||
gettext-full | ||
gmp | ||
jansson | ||
libaudit | ||
libbsd | ||
libcap | ||
libevent2 | ||
libiconv | ||
libiconv-full | ||
libjson-c | ||
libmnl | ||
libnetfilter-conntrack | ||
libnfnetlink | ||
libnftnl | ||
libnl | ||
libnl-tiny | ||
libpcap | ||
libselinux | ||
libsemanage | ||
libsepol | ||
libtool | ||
libubox | ||
libunwind | ||
libusb | ||
mbedtls | ||
musl-fts | ||
ncurses | ||
nettle | ||
openssl | ||
pcre | ||
popt | ||
readline | ||
sysfsutils | ||
toolchain | ||
uclient | ||
ustream-ssl | ||
wolfssl | ||
zlib |