What Are You Looking For?

Sign Up

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  openssl (SSA:2015-009-01)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1k-i486-1_slack14.1.txz:  Upgraded.
  This update fixes several security issues:
    DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
    DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
    no-ssl3 configuration sets method to NULL (CVE-2014-3569)
    ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
    RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
    DH client certificates accepted without verification [Server] (CVE-2015-0205)
    Certificate fingerprints can be modified (CVE-2014-8275)
    Bignum squaring may produce incorrect results (CVE-2014-3570)
  For more information, see:
    https://www.openssl.org/news/secadv_20150108.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1k-i486-1_slack14.1.txz:  Upgraded.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on https://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 13.0:

Updated packages for Slackware x86_64 13.0:

Updated packages for Slackware 13.1:

Updated packages for Slackware x86_64 13.1:

Updated packages for Slackware 13.37:

Updated packages for Slackware x86_64 13.37:

Updated packages for Slackware 14.0:

Updated packages for Slackware x86_64 14.0:

Updated packages for Slackware 14.1:

Updated packages for Slackware x86_64 14.1:

Updated packages for Slackware -current:

Updated packages for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 13.0 packages:
7011638e44786670642a29b13adbb4cd  openssl-0.9.8zd-i486-1_slack13.0.txz
239cd5697b2633e68aae60f84728ec3d  openssl-solibs-0.9.8zd-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages:
953f3ea84349050f9075d69f190c4ef0  openssl-0.9.8zd-x86_64-1_slack13.0.txz
e4cb8384a1a5fd0730f47b0d66844973  openssl-solibs-0.9.8zd-x86_64-1_slack13.0.txz

Slackware 13.1 packages:
60a91060b530795c3aec7776e559069b  openssl-0.9.8zd-i486-1_slack13.1.txz
25833ee7c47234dfc57333e4e6ac9516  openssl-solibs-0.9.8zd-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages:
936f04a96087ac8b242fc468ab4902af  openssl-0.9.8zd-x86_64-1_slack13.1.txz
2e822308f12b71adbe1d63d3bb7dac44  openssl-solibs-0.9.8zd-x86_64-1_slack13.1.txz

Slackware 13.37 packages:
90d89193c9625543a0b22595ba6e6989  openssl-0.9.8zd-i486-1_slack13.37.txz
83d2ba9b537949d5a882433c19232049  openssl-solibs-0.9.8zd-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages:
644c8acaf2ea6f5ea6fd197ee3d367f9  openssl-0.9.8zd-x86_64-1_slack13.37.txz
ebbae4f2e239906132fddbc8cc1f64cb  openssl-solibs-0.9.8zd-x86_64-1_slack13.37.txz

Slackware 14.0 packages:
4400c395a2de5b68e880a76092dadd47  openssl-1.0.1k-i486-1_slack14.0.txz
b2455038898a8715310f4ab732c11f71  openssl-solibs-1.0.1k-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages:
f912cf9ec0d25495b1534c61563541be  openssl-1.0.1k-x86_64-1_slack14.0.txz
4eeed382d27de024e4f9e69aec1c148d  openssl-solibs-1.0.1k-x86_64-1_slack14.0.txz

Slackware 14.1 packages:
299f48c01718e425e44844f54b34199d  openssl-1.0.1k-i486-1_slack14.1.txz
ca6b49bb17c602e6637edca5686afc10  openssl-solibs-1.0.1k-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages:
b9071e68e60d598a85659df0519131c2  openssl-1.0.1k-x86_64-1_slack14.1.txz
a835c6471b1cf5b162afe0782a6384bc  openssl-solibs-1.0.1k-x86_64-1_slack14.1.txz

Slackware -current packages:
cb7d3aa850b3cfe54abd1eb61c881cc7  a/openssl-solibs-1.0.1k-i486-1.txz
00ae9f01693bf86a709fd79b0e8cd099  n/openssl-1.0.1k-i486-1.txz

Slackware x86_64 -current packages:
727887e756148bb1d28fa348804fcdb9  a/openssl-solibs-1.0.1k-x86_64-1.txz
9c254936144f5aaaf8fe4eee033f5658  n/openssl-1.0.1k-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg openssl-1.0.1k-i486-1_slack14.1.txz openssl-solibs-1.0.1k-i486-1_slack14.1.txz


+-----+

Slackware: 2015-009-01: openssl Security Update

January 9, 2015
New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues

Summary

Here are the details from the Slackware 14.1 ChangeLog: patches/packages/openssl-1.0.1k-i486-1_slack14.1.txz: Upgraded. This update fixes several security issues: DTLS segmentation fault in dtls1_get_record (CVE-2014-3571) DTLS memory leak in dtls1_buffer_record (CVE-2015-0206) no-ssl3 configuration sets method to NULL (CVE-2014-3569) ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572) RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) DH client certificates accepted without verification [Server] (CVE-2015-0205) Certificate fingerprints can be modified (CVE-2014-8275) Bignum squaring may produce incorrect results (CVE-2014-3570) For more information, see: https://www.openssl.org/news/secadv_20150108.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 (* Security fix *) patches/packages/openssl-solibs-1.0.1k-i486-1_slack14.1.txz: Upgraded.

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on https://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0:
Updated packages for Slackware x86_64 13.0:
Updated packages for Slackware 13.1:
Updated packages for Slackware x86_64 13.1:
Updated packages for Slackware 13.37:
Updated packages for Slackware x86_64 13.37:
Updated packages for Slackware 14.0:
Updated packages for Slackware x86_64 14.0:
Updated packages for Slackware 14.1:
Updated packages for Slackware x86_64 14.1:
Updated packages for Slackware -current:
Updated packages for Slackware x86_64 -current:

MD5 Signatures

Slackware 13.0 packages: 7011638e44786670642a29b13adbb4cd openssl-0.9.8zd-i486-1_slack13.0.txz 239cd5697b2633e68aae60f84728ec3d openssl-solibs-0.9.8zd-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 953f3ea84349050f9075d69f190c4ef0 openssl-0.9.8zd-x86_64-1_slack13.0.txz e4cb8384a1a5fd0730f47b0d66844973 openssl-solibs-0.9.8zd-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 60a91060b530795c3aec7776e559069b openssl-0.9.8zd-i486-1_slack13.1.txz 25833ee7c47234dfc57333e4e6ac9516 openssl-solibs-0.9.8zd-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: 936f04a96087ac8b242fc468ab4902af openssl-0.9.8zd-x86_64-1_slack13.1.txz 2e822308f12b71adbe1d63d3bb7dac44 openssl-solibs-0.9.8zd-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 90d89193c9625543a0b22595ba6e6989 openssl-0.9.8zd-i486-1_slack13.37.txz 83d2ba9b537949d5a882433c19232049 openssl-solibs-0.9.8zd-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 644c8acaf2ea6f5ea6fd197ee3d367f9 openssl-0.9.8zd-x86_64-1_slack13.37.txz ebbae4f2e239906132fddbc8cc1f64cb openssl-solibs-0.9.8zd-x86_64-1_slack13.37.txz
Slackware 14.0 packages: 4400c395a2de5b68e880a76092dadd47 openssl-1.0.1k-i486-1_slack14.0.txz b2455038898a8715310f4ab732c11f71 openssl-solibs-1.0.1k-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: f912cf9ec0d25495b1534c61563541be openssl-1.0.1k-x86_64-1_slack14.0.txz 4eeed382d27de024e4f9e69aec1c148d openssl-solibs-1.0.1k-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 299f48c01718e425e44844f54b34199d openssl-1.0.1k-i486-1_slack14.1.txz ca6b49bb17c602e6637edca5686afc10 openssl-solibs-1.0.1k-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: b9071e68e60d598a85659df0519131c2 openssl-1.0.1k-x86_64-1_slack14.1.txz a835c6471b1cf5b162afe0782a6384bc openssl-solibs-1.0.1k-x86_64-1_slack14.1.txz
Slackware -current packages: cb7d3aa850b3cfe54abd1eb61c881cc7 a/openssl-solibs-1.0.1k-i486-1.txz 00ae9f01693bf86a709fd79b0e8cd099 n/openssl-1.0.1k-i486-1.txz
Slackware x86_64 -current packages: 727887e756148bb1d28fa348804fcdb9 a/openssl-solibs-1.0.1k-x86_64-1.txz 9c254936144f5aaaf8fe4eee033f5658 n/openssl-1.0.1k-x86_64-1.txz

Severity
[slackware-security] openssl (SSA:2015-009-01)
New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg openssl-1.0.1k-i486-1_slack14.1.txz openssl-solibs-1.0.1k-i486-1_slack14.1.txz

Related News

From Heartbleed to Now: Evolving Threats in OpenSSL and How to Guard Against Them

Nov 17, 2023

OpenSSL 3.2 Adds Support for TCP Fast Open on Linux, Argon2 KDF, and More

Nov 27, 2023

691 Malicious npm Packages and 49 PyPI Components Containing Crypto-Miners, Remote Access Trojans Discovered

Feb 22, 2023

Researchers Uncover 700+ Malicious Open Source Packages

Feb 22, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo