ELA-688-1 openssl security update

command injection

2022-09-29
Package openssl
Version 1.0.1t-1+deb8u19 (jessie), 1.1.0l-1~deb9u7 (stretch)
Related CVEs CVE-2022-2068 CVE-2022-2097


It was discovered that the c_rehash script included in OpenSSL did not sanitise shell metacharacters, which could result in the execution of arbitrary commands.

In addition, the stretch package addresses CVE-2022-2097, an information disclosure issue in the AES OCB assembly implementation for the x86 architecture.



For Debian 8 jessie, these problems have been fixed in version 1.0.1t-1+deb8u19.

For Debian 9 stretch, these problems have been fixed in version 1.1.0l-1~deb9u7.

We recommend that you upgrade your openssl packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.