
Slackware 12.2: 2009-014-02 Urgent: OpenSSL Vulnerability Mitigation

January 15, 2009
Updated OpenSSL packages for Slackware address a critical DSA/ECDSA vulnerability.
New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue when connecting to an SSL/TLS server that uses a certificate containin...

Summary

Here are the details from the Slackware 12.2 ChangeLog:

patches/packages/openssl-0.9.8i-i486-2_slack12.2.tgz:
  Patched to fix the return value EVP_VerifyFinal, preventing malformed signatures from being considered good. This flaw could possibly allow a 'man in the middle' attack.
  For more information, see:
    http://ocert.org/advisories/ocert-2008-016.html
    https://www.cve.org/CVERecord?id=CVE-2008-5077
  (* Security fix *)

patches/packages/openssl-solibs-0.9.8i-i486-2_slack12.2.tgz:
  Patched to fix the return value EVP_VerifyFinal, preventing malformed signatures from being considered good. This flaw could possibly allow a 'man in the middle' attack.
  For more information, see:
    http://ocert.org/advisories/ocert-2008-016.html
    https://www.cve.org/CVERecord?id=CVE-2008-5077
  (* Security fix *)
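The return-value handling the ChangeLog entry refers to, shown as an added example that is not part of the advisory or of OpenSSL's code: OpenSSL documents EVP_VerifyFinal as returning 1 for a good signature, 0 for a bad one and -1 on error, so a caller that tests only for 0 accepts a signature that could not even be parsed. model_verify_final, the accept_* helpers and the sample byte strings are hypothetical stand-ins constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs (not real signatures). A DSA/ECDSA signature
 * is a DER SEQUENCE: tag 0x30, one length byte here, then two INTEGERs. */
static const unsigned char SIG_GOOD[]      = {0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07};
static const unsigned char SIG_WRONG[]     = {0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x08};
static const unsigned char SIG_MALFORMED[] = {0x30, 0x7f, 0x02, 0x01, 0x05};

/* Hypothetical stand-in for the verify call, using the documented
 * tri-state result: 1 = signature good, 0 = signature bad, -1 = error. */
static int model_verify_final(const unsigned char *sig, size_t len)
{
    /* Encoding check: wrong tag or a length byte that does not match. */
    if (len < 2 || sig[0] != 0x30 || (size_t)sig[1] != len - 2)
        return -1;
    if (len == sizeof SIG_GOOD && memcmp(sig, SIG_GOOD, len) == 0)
        return 1;
    return 0;   /* well-formed, but not the expected signature */
}

/* Flawed caller pattern: only 0 counts as failure, so -1 falls through. */
int accept_unpatched(const unsigned char *sig, size_t len)
{
    if (!model_verify_final(sig, len))
        return 0;
    return 1;
}

/* Corrected pattern: anything other than 1 is a rejection. */
int accept_patched(const unsigned char *sig, size_t len)
{
    return model_verify_final(sig, len) == 1;
}

int main(void)
{
    printf("good:      unpatched=%d patched=%d\n",
           accept_unpatched(SIG_GOOD, sizeof SIG_GOOD), accept_patched(SIG_GOOD, sizeof SIG_GOOD));
    printf("wrong:     unpatched=%d patched=%d\n",
           accept_unpatched(SIG_WRONG, sizeof SIG_WRONG), accept_patched(SIG_WRONG, sizeof SIG_WRONG));
    printf("malformed: unpatched=%d patched=%d\n",
           accept_unpatched(SIG_MALFORMED, sizeof SIG_MALFORMED), accept_patched(SIG_MALFORMED, sizeof SIG_MALFORMED));
    return 0;
}
```

When auditing callers of tri-state verify functions, the check to look for is a comparison against 1 (or `<= 0` for rejection) rather than a plain boolean test.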

Where to Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 11.0:
Updated package for Slackware 12.0:
Updated package for Slackware 12.1:
Updated package for Slackware 12.2:
Updated package for Slackware -current:

MD5 Signatures

Slackware 11.0 package: 7debc62bd78f7fef599452a5a42aafa2 openssl-0.9.8h-i486-2_slack11.0.tgz b8ff499bdb6b39af8c9b1dbdd414e719 openssl-solibs-0.9.8h-i486-2_slack11.0.tgz
Slackware 12.0 package: 028d8569c8c8ff81eb2db2186de977f0 openssl-0.9.8h-i486-2_slack12.0.tgz d650635e4eb4d1fa61e6a7dd5e2382b1 openssl-solibs-0.9.8h-i486-2_slack12.0.tgz
Slackware 12.1 package: c316ed24bfdf085f601d7f26e4268044 openssl-0.9.8h-i486-2_slack12.1.tgz 629dfe5fb6576eadb176b1cacfc7261d openssl-solibs-0.9.8h-i486-2_slack12.1.tgz
Slackware 12.2 package: 79ea770e7d91bfbb1e4bb68fe43b2dee openssl-0.9.8i-i486-2_slack12.2.tgz 8900bb9731175fe2fef0b8b0869d74d9 openssl-solibs-0.9.8i-i486-2_slack12.2.tgz
Slackware -current package: 3ac4e878e8f772cc360ddfe26dcabf1e openssl-solibs-0.9.8i-i486-2.tgz

Severity
critical


Installation Instructions

Upgrade the packages as root:

# upgradepkg openssl-0.9.8i-i486-2_slack12.2.tgz openssl-solibs-0.9.8i-i486-2_slack12.2.tgz
