Release Info

Advisory: CLSA-2022:1654011190

OS: Ubuntu 16.04 ELS

Public date: 2022-05-31 00:00:00

Project: openssl

Version: 1.0.2g-1ubuntu4.21+tuxcare.els3

Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2022-1654011190.html

Changelog

* SECURITY UPDATE: Improper Neutralization - debian/patches/CVE-2022-1292.patch: restrict using shell to invoke openssl due to possible privilege escalation - debian/patches/CVE-2022-1473.patch: fix bug OPENSSL_LH_flush() memory releasing leading to DoS - CVE-2022-1292 - CVE-2022-1473

Update

Update command: apt-get update apt-get --only-upgrade install openssl*

Packages list

libssl-dev_1.0.2g-1ubuntu4.21+tuxcare.els3_amd64.deb libssl-doc_1.0.2g-1ubuntu4.21+tuxcare.els3_all.deb libssl1.0.0_1.0.2g-1ubuntu4.21+tuxcare.els3_amd64.deb openssl_1.0.2g-1ubuntu4.21+tuxcare.els3_amd64.deb

CVEs

CVE-2022-1292