openssl漏洞问题

[xuzhuchao]

libijkffmpeg.so 包中包含的openssl版本太低安全检测出有高危漏洞，需要修复，这个需要怎么升级openssl的版本呢

[xuzhuchao]

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). References to advisories, solutions, and tools

[Doikki]

1.0.2ze 只针对高级支持用户提供，我这边无法进行升级

xuzhuchao @.***> 于2022年6月21日周二 17:01写道：

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). References to advisories, solutions, and tools

— Reply to this email directly, view it on GitHub https://github.com/Doikki/DKVideoPlayer/issues/766#issuecomment-1161466244, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEHQ6BQABHG7VEACSFV4Y5LVQGAF7ANCNFSM5ZLRNKJA . You are receiving this because you are subscribed to this thread.Message ID: @.***>