| Package | openssl |
|---|---|
| Version | 1.0.1t-1+deb8u18 |
| Related CVEs | CVE-2022-1292 |

The c_rehash script does not properly sanitise shell metacharacters to
prevent command injection. This script is executed by
update-ca-certificates, from ca-certificates, to re-hash
certificates in /etc/ssl/certs/. An attacker able to place files in
this directory could execute arbitrary commands with the privileges of
the script.
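
The following Python check is an added example, not part of the advisory or of OpenSSL's code. It looks for the two conditions described above: a certificate directory that users other than its owner can write to, and file names in it that contain shell metacharacters. The metacharacter set and the names `audit_cert_dir` and `demo` are assumptions of this example.

```python
import os
import stat
import sys
import tempfile

# Characters a POSIX shell treats specially on a command line.
# Assumption: this set is chosen for the example, not taken from the OpenSSL fix.
SHELL_META = set("`$;|&<>(){}\\\"'\n")


def audit_cert_dir(path):
    """Return (loosely_writable, suspicious_names) for a certificate directory."""
    mode = os.stat(path).st_mode
    # A group- or world-writable directory lets non-owners place files in it.
    loosely_writable = bool(mode & (stat.S_IWGRP | stat.S_IWOTH))
    # Any entry whose name carries a shell metacharacter deserves a manual look.
    suspicious = sorted(
        name for name in os.listdir(path)
        if any(ch in SHELL_META for ch in name)
    )
    return loosely_writable, suspicious


def demo():
    """Audit a constructed temporary directory (empty files, no real certificates)."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("ca-bundle.pem", "3513523f.0", "odd;name.pem", "odd$name.crt"):
            open(os.path.join(d, name), "w").close()
        os.chmod(d, 0o777)  # constructed: deliberately loose permissions
        return audit_cert_dir(d)


if __name__ == "__main__":
    # With an argument, audit that directory (e.g. /etc/ssl/certs);
    # without one, run on the constructed sample.
    if len(sys.argv) > 1:
        writable, names = audit_cert_dir(sys.argv[1])
    else:
        writable, names = demo()
    print(f"group/world-writable: {writable}")
    for n in names:
        print(f"suspicious name: {n!r}")
```
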

For Debian 8 jessie, this problem has been fixed in version 1.0.1t-1+deb8u18.

We recommend that you upgrade your openssl packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.