
An openssl security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue where the c_rehash script does not properly sanitize shell metacharacters to prevent command injection.



ELA-613-1 openssl security update

Package: openssl
Version: 1.0.1t-1+deb8u18
Related CVEs: CVE-2022-1292

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is executed by update-ca-certificates, from ca-certificates, to re-hash certificates in /etc/ssl/certs/. An attacker able to place files in this directory could execute arbitrary commands with the privileges of the script.

For Debian 8 jessie, this problem has been fixed in version 1.0.1t-1+deb8u18.

We recommend that you upgrade your openssl packages.
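
The following is an added example, not part of the advisory or of the openssl or ca-certificates packages: a read-only audit of the precondition the advisory names, reporting who can place files in the certificate directory and which entry names fall outside a conservative character set. The function name `audit_cert_dir`, the `expected_uid` parameter and the allowlist in `SAFE_NAME` are assumptions made for this example.

```python
import os
import re
import stat
import sys

# Assumption: conservative allowlist for names in a CA directory (letters,
# digits, underscore, dot, equals, plus, hyphen). Anything else is reported.
SAFE_NAME = re.compile(r"[\w.=+-]+")


def audit_cert_dir(path="/etc/ssl/certs", expected_uid=0):
    """Return a list of (kind, detail) findings for one certificate directory."""
    findings = []
    st = os.stat(path)
    # The advisory's precondition is the ability to place files here, so
    # report any owner other than the expected one and any group/other write bit.
    if st.st_uid != expected_uid:
        findings.append(("dir-owner", "%s is owned by uid %d" % (path, st.st_uid)))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(("dir-writable", "%s has mode %o" % (path, stat.S_IMODE(st.st_mode))))
    for name in sorted(os.listdir(path)):
        # Names are only inspected as strings, never passed to a shell.
        if not SAFE_NAME.fullmatch(name):
            findings.append(("odd-name", repr(name)))
        # lstat: judge the entry itself, not the target of a symlink.
        entry = os.lstat(os.path.join(path, name))
        if entry.st_uid != expected_uid:
            findings.append(("entry-owner", "%r is owned by uid %d" % (name, entry.st_uid)))
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/ssl/certs"
    results = audit_cert_dir(target)
    for kind, detail in results:
        print("%-12s %s" % (kind, detail))
    sys.exit(1 if results else 0)
```

Findings are items to review, not proof of compromise; the audit complements the package upgrade and does not replace it.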

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
