CVE-2022-1292

Support for security such as Firewalls and securing linux
Post Reply
szyman
Posts: 2
Joined: 2022/09/16 15:11:25

CVE-2022-1292

Post by szyman » 2022/09/16 15:17:07

Dear all,

We are using CentOS7 as a base image for our docker images.
We noticed two critical vulnerabilities related to OpenSSL, which is present in CentOS7: According to RedHat they are classified as moderate: Does the same (RedHat explanation) applies to CentOS as it is based on RedHat?

Best regards,

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2022-1292

Post by TrevorH » 2022/09/16 17:41:14

Code: Select all

[root@centos7 ~]# yum provides '*/c_rehash'
Loaded plugins: priorities
188 packages excluded due to repository priority protections
1:openssl-perl-1.0.2k-19.el7.x86_64 : Perl scripts provided with OpenSSL
Repo        : base
Matched from:
Filename    : /usr/bin/c_rehash
Do you have that package installed? And yes, CentOS 7 is a rebuild of RHEL 7 so the same explanation applies.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

szyman
Posts: 2
Joined: 2022/09/16 15:11:25

Re: CVE-2022-1292

Post by szyman » 2022/09/19 11:30:37

Hi TrevorH!

Thanks a lot for your response.
Very good hint :)

Vulnerability scanner detected that our installation is having the two mentioned above CVEs issues.
However after in depth analysis it looks like that OpenSSL-perl package seems to be NOT installed (I guess scanner was searching just for Openssl version):

Code: Select all

[root@27de976b2d39 bin]# yum provides '*/c_rehash'
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
 * base: mirrors.xtom.de
 * epel: mirrors.xtom.de
 * extras: ftp.uni-bayreuth.de
 * updates: mirror.init7.net
1:openssl-perl-1.0.2k-19.el7.x86_64 : Perl scripts provided with OpenSSL
Repo        : base
Matched from:
Filename    : /usr/bin/c_rehash
and

Code: Select all

[root@27de976b2d39 bin]# yum list installed | grep openssl
openssl-libs.x86_64                         1:1.0.2k-25.el7_9           @updates
so it looks like c_rehash is also not present (I also manually confirmed that in /usr/bin), therefore our installation is safe.
Am I right or do I missed sth obvious?

Post Reply