FreeBSD: VID-fceb2b08-cb76-11ec-a06f-d4c9ef517024 (CVE-2022-1434): OpenSSL -- Multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | May 4, 2022 | Nov 4, 2022 | Dec 10, 2025 |
Description
The OpenSSL project reports:

The c_rehash script allows command injection (CVE-2022-1292) (Moderate)

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script.

OCSP_basic_verify may incorrectly verify the response signing certificate (CVE-2022-1343) (Moderate)

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify.

Incorrect MAC key used in the RC4-MD5 ciphersuite (CVE-2022-1434) (Low)

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable.

Resource leakage when decoding certificates and keys (CVE-2022-1473) (Low)

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries.
Solutions
- freebsd-upgrade-package-openssl
- freebsd-upgrade-package-openssl-devel
- freebsd-upgrade-package-openssl-quictls