From d0df2224c88b869c4f76a5612ea2774e48bd84ce Mon Sep 17 00:00:00 2001 From: caicaineng Date: Thu, 16 Mar 2023 05:08:07 +0000 Subject: [PATCH 1/8] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20CVE-2022-0487?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/linux-kernel/2022/CVE-2022-0487/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/linux-kernel/2022/CVE-2022-0487/.keep diff --git a/cve/linux-kernel/2022/CVE-2022-0487/.keep b/cve/linux-kernel/2022/CVE-2022-0487/.keep new file mode 100644 index 00000000..e69de29b -- Gitee From f3b0b5c3c59a3b57335fe171565d93edd857277b Mon Sep 17 00:00:00 2001 From: caicaineng Date: Thu, 16 Mar 2023 05:08:53 +0000 Subject: [PATCH 2/8] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cve/?= =?UTF-8?q?linux-kernel/2022/CVE-2022-0487?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/linux-kernel/2022/CVE-2022-0487/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 cve/linux-kernel/2022/CVE-2022-0487/.keep diff --git a/cve/linux-kernel/2022/CVE-2022-0487/.keep b/cve/linux-kernel/2022/CVE-2022-0487/.keep deleted file mode 100644 index e69de29b..00000000 -- Gitee From a28ff39a67b7a38b858df497d09d535d5cbe3d38 Mon Sep 17 00:00:00 2001 From: caicaineng Date: Thu, 16 Mar 2023 05:20:22 +0000 Subject: [PATCH 3/8] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20CVE-2022-2097?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/openssl/2022/CVE-2022-2097/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/openssl/2022/CVE-2022-2097/.keep diff --git a/cve/openssl/2022/CVE-2022-2097/.keep b/cve/openssl/2022/CVE-2022-2097/.keep new file mode 100644 index 00000000..e69de29b -- Gitee From 888e6998edd6b65f045a318f0badba29e2f9b0d2 Mon Sep 17 00:00:00 2001 From: caicaineng Date: Thu, 16 Mar 2023 05:22:33 +0000 Subject: [PATCH 4/8] add cve/openssl/2022/CVE-2022-2097. Signed-off-by: caicaineng --- cve/openssl/2022/CVE-2022-2097/README | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/openssl/2022/CVE-2022-2097/README diff --git a/cve/openssl/2022/CVE-2022-2097/README b/cve/openssl/2022/CVE-2022-2097/README new file mode 100644 index 00000000..e69de29b -- Gitee From d4a46163939f8a872d81731ae3c13f6af6317f4e Mon Sep 17 00:00:00 2001 From: caicaineng Date: Thu, 16 Mar 2023 05:25:14 +0000 Subject: [PATCH 5/8] update cve/openssl/2022/CVE-2022-2097/README. Signed-off-by: caicaineng --- cve/openssl/2022/CVE-2022-2097/README | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cve/openssl/2022/CVE-2022-2097/README b/cve/openssl/2022/CVE-2022-2097/README index e69de29b..a315a690 100644 --- a/cve/openssl/2022/CVE-2022-2097/README +++ b/cve/openssl/2022/CVE-2022-2097/README @@ -0,0 +1,3 @@ +A script to change OpenSSL versions on Ubuntu to 1.1.1q to protect against CVE-2022-2097. + +REF:https://github.com/PeterThomasAwen/OpenSSLUpgrade1.1.1q-Ubuntu.git \ No newline at end of file -- Gitee From 1121f49cdc815c375a5ff7b20718523eab782183 Mon Sep 17 00:00:00 2001 From: caicaineng Date: Thu, 16 Mar 2023 05:25:55 +0000 Subject: [PATCH 6/8] add cve/openssl/2022/CVE-2022-2097/upgradeOpenssl.sh. Signed-off-by: caicaineng --- cve/openssl/2022/CVE-2022-2097/upgradeOpenssl.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 cve/openssl/2022/CVE-2022-2097/upgradeOpenssl.sh diff --git a/cve/openssl/2022/CVE-2022-2097/upgradeOpenssl.sh b/cve/openssl/2022/CVE-2022-2097/upgradeOpenssl.sh new file mode 100644 index 00000000..1d6088db --- /dev/null +++ b/cve/openssl/2022/CVE-2022-2097/upgradeOpenssl.sh @@ -0,0 +1,14 @@ +#!/bin/bash +#Upgrades OpenSSL to version 1.1.1.q +wget https://www.openssl.org/source/openssl-1.1.1q.tar.gz +sudo tar -xf openssl-1.1.1q.tar.gz +cd openssl-1.1.1q +sudo ./config +sudo make +sudo make install +sudo ldconfig +cd ~ +sudo rm openssl-1.1.1q.tar.gz +sudo rm -rf openssl-1.1.1q +sudo systemctl restart nginx +nginx -V \ No newline at end of file -- Gitee From 5e3269ca4f37b1f84ae2016aec5fe745083f495d Mon Sep 17 00:00:00 2001 From: caicaineng Date: Thu, 16 Mar 2023 05:27:36 +0000 Subject: [PATCH 7/8] update openkylin_list.yaml. Signed-off-by: caicaineng --- openkylin_list.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/openkylin_list.yaml b/openkylin_list.yaml index 0d949e34..7bedeafc 100644 --- a/openkylin_list.yaml +++ b/openkylin_list.yaml @@ -95,6 +95,7 @@ cve: - CVE-2021-3449 - CVE-2022-0778 - CVE-2022-3786 + - CVE-2022-2097 libxml2: - CVE-2020-24977 - CVE-2021-3517 -- Gitee From f6b8244fc4336a3641a2c0c56a0188401465c917 Mon Sep 17 00:00:00 2001 From: caicaineng Date: Thu, 16 Mar 2023 05:41:14 +0000 Subject: [PATCH 8/8] add cve/openssl/2022/yaml/CVE-2022-2097.yaml. Signed-off-by: caicaineng --- cve/openssl/2022/yaml/CVE-2022-2097.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 cve/openssl/2022/yaml/CVE-2022-2097.yaml diff --git a/cve/openssl/2022/yaml/CVE-2022-2097.yaml b/cve/openssl/2022/yaml/CVE-2022-2097.yaml new file mode 100644 index 00000000..a2c6d850 --- /dev/null +++ b/cve/openssl/2022/yaml/CVE-2022-2097.yaml @@ -0,0 +1,15 @@ +id: CVE-2022-2097 +source: https://attackerkb.com/topics/wPEdhpuIwp/cve-2022-2097 +info: + description: | + AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). + reference: + https://attackerkb.com/topics/wPEdhpuIwp/cve-2022-2097; + https://www.rapid7.com/db/vulnerabilities/http-openssl-cve-2022-2097/; + https://github.com/PeterThomasAwen/OpenSSLUpgrade1.1.1q-Ubuntu; + classification: + cve-id: CVE-2022-2097 + cwe-id: None + cnvd-id: None + kve-id: None + tags: AES加密泄露, CVE-2022 \ No newline at end of file -- Gitee