Security Advisory Details

NS-SA-2023-0074

2023-05-29 09:41:11

Summary

moderate: systemd/openssl security update

Severity

moderate

Topic

An update for systemd/openssl is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Detailed Description

systemd: Libraries for systemd and udev.
openssl: OpenSSL is a toolkit for supporting cryptography. The openssl-perl package provides Perl scripts for converting certificates and keys from other formats to the formats used by the OpenSSL toolkit.


Security Fix(es):
systemd: No description is available for this CVE. (CVE-2022-3821)
systemd: bugfix
openssl: AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. (CVE-2022-2097)
openssl: A flaw was found in OpenSSL. The fix for CVE-2022-1292 did not cover other places in the `c_rehash` script where the file names of certificates being hashed could be passed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script. (CVE-2022-2068)
openssl: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.D0B5.

Affected Components

  • systemd
  • openssl

Affected Products

  • CGSL MAIN 6.02

Updated Packages

Product: CGSL MAIN 6.02

Source: systemd-239-45.el8_4.2.cgslv6_2.15.g55be749.src.rpm

  • systemd-239-45.el8_4.2.cgslv6_2.15.g55be749.x86_64.rpm
  • systemd-container-239-45.el8_4.2.cgslv6_2.15.g55be749.x86_64.rpm
  • systemd-devel-239-45.el8_4.2.cgslv6_2.15.g55be749.x86_64.rpm
  • systemd-libs-239-45.el8_4.2.cgslv6_2.15.g55be749.x86_64.rpm
  • systemd-pam-239-45.el8_4.2.cgslv6_2.15.g55be749.x86_64.rpm
  • systemd-udev-239-45.el8_4.2.cgslv6_2.15.g55be749.x86_64.rpm

Source: openssl-1.1.1k-7.el8_6.cgslv6_2.2.gdf443c2.src.rpm

  • openssl-1.1.1k-7.el8_6.cgslv6_2.2.gdf443c2.x86_64.rpm
  • openssl-devel-1.1.1k-7.el8_6.cgslv6_2.2.gdf443c2.x86_64.rpm
  • openssl-libs-1.1.1k-7.el8_6.cgslv6_2.2.gdf443c2.x86_64.rpm
  • openssl-static-1.1.1k-7.el8_6.cgslv6_2.2.gdf443c2.x86_64.rpm

CVE

References