Thu Jun 23 05:30:51 UTC 2022
a/kernel-generic-5.18.6-i586-1.txz: Upgraded.
a/kernel-generic-smp-5.18.6_smp-i686-1.txz: Upgraded.
a/kernel-huge-5.18.6-i586-1.txz: Upgraded.
a/kernel-huge-smp-5.18.6_smp-i686-1.txz: Upgraded.
a/kernel-modules-5.18.6-i586-1.txz: Upgraded.
a/kernel-modules-smp-5.18.6_smp-i686-1.txz: Upgraded.
a/openssl-solibs-1.1.1p-i586-1.txz: Upgraded.
ap/sudo-1.9.11p3-i586-1.txz: Upgraded.
d/kernel-headers-5.18.6_smp-x86-1.txz: Upgraded.
k/kernel-source-5.18.6_smp-noarch-1.txz: Upgraded.
l/espeak-ng-1.51.1-i586-1.txz: Upgraded.
l/libidn-1.40-i586-1.txz: Upgraded.
l/mlt-7.8.0-i586-1.txz: Upgraded.
l/openal-soft-1.22.1-i586-1.txz: Upgraded.
l/pulseaudio-16.1-i586-1.txz: Upgraded.
l/speex-1.2.1-i586-1.txz: Upgraded.
l/speexdsp-1.2.1-i586-1.txz: Upgraded.
n/ca-certificates-20220622-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
n/openssl-1.1.1p-i586-1.txz: Upgraded.
In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection were
found by code review.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
For more information, see:
https://www.openssl.org/news/secadv/20220621.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
(* Security fix *)
x/ibus-table-1.16.9-i586-1.txz: Upgraded.
extra/linux-5.18.6-nosmp-sdk/*: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Distro