Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

Slackware 12.1: SSA:2008-210-08 Critical OpenSSL Update and SSH Fix

slackware
Calendar Grey July 29, 2008
Dist Slackware Esm H88
Latest openssl updates have been released for Slackware systems to mitigate significant security threats and exploit risks.
New openssl packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix security issues

Summary

Here are the details from the Slackware 12.1 ChangeLog: patches/packages/openssl-0.9.8h-i486-1_slack12.1.tgz: Upgraded to OpenSSL 0.9.8h. The Codenomicon TLS test suite uncovered security bugs in OpenSSL. If OpenSSL was compiled using non-default options (Slackware's package is not), then a malicious packet could cause a crash. Also, a malformed TLS handshake could also lead to a crash. For more information, see: https://www.cve.org/CVERecord?id=CVE-2008-0891 https://www.cve.org/CVERecord?id=CVE-2008-1672 When upgrading OpenSSL, it is VERY IMPORTANT to also upgrade OpenSSH, or it is possible to be unable to log back into sshd! (* Security fix *)

Topics%20covered

Topics Covered

security advisory critical software update slackware security issues openssl ssh

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 11.0: ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssh-5.1p1-i486-1_slack11.0.tgz
Updated packages for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssh-5.1p1-i486-1_slack12.0.tgz
Updated packages for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssh-5.1p1-i486-1_slack12.1.tgz
Updated packages for Slackware -current:

MD5 Signatures

Slackware 11.0 packages: 8ee9a3b3366a29a84b7314fb40a7c808 openssl-0.9.8h-i486-1_slack11.0.tgz 863b5deeffd7eb58ef41b1b49759bff5 openssl-solibs-0.9.8h-i486-1_slack11.0.tgz 617456c059e8d7761de7e3c92ee5e473 openssh-5.1p1-i486-1_slack11.0.tgz
Slackware 12.0 packages: ae721f8dd900c930d6c2e27581f577a9 openssl-0.9.8h-i486-1_slack12.0.tgz 30271692b6253c5dc733c80a986d13d1 openssl-solibs-0.9.8h-i486-1_slack12.0.tgz 5fd2eae44bf0d311bdfebb930790ab88 openssh-5.1p1-i486-1_slack12.0.tgz
Slackware 12.1 packages: cb3674edf80bfabe23a1901f9eecea09 openssl-0.9.8h-i486-1_slack12.1.tgz dc0df15982723244c920417d5fa9c15a openssl-solibs-0.9.8h-i486-1_slack12.1.tgz 0684a119d56721053e1f57b06692642d openssh-5.1p1-i486-1_slack12.1.tgz
Slackware -current packages: b72f7a417b524f06f8443ea9a13b58ca openssl-0.9.8h-i486-1.tgz fa6658aabc7ab02736a01e511b9cc9ec openssl-solibs-0.9.8h-i486-1.tgz 97d4828d0b5d88b16d83d7265a54f9de openssh-5.1p1-i486-1.tgz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory critical software update slackware security issues openssl ssh

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg openssl-0.9.8h-i486-1_slack12.1.tgz openssl-solibs-0.9.8h-i486-1_slack12.1.tgz openssh-5.1p1-i486-1_slack12.1.tgz Then, restart sshd if you use it: sh /etc/rc.d/rc.sshd restart

Related News

Your message here