Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

Slackware 14.1 Security Notice 2015-111-09 Severe: OpenSSL Memory Issue

slackware
Calendar Grey April 22, 2015
Dist Slackware Esm H88
Recent updates for OpenSSL in Slackware address critical vulnerabilities, such as Denial of Service (DoS) and memory mishandling. It's essential to upgrade promptly.
New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues

Summary

Here are the details from the Slackware 14.1 ChangeLog: patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded. Fixes several bugs and security issues: o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) o ASN.1 structure reuse memory corruption fix (CVE-2015-0287) o PKCS7 NULL pointer dereferences fix (CVE-2015-0289) o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293) o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209) o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288) o Removed the export ciphers from the DEFAULT ciphers For more information, see: https://www.cve.org/CVERecord?id=CVE-2015-0286 https://www.cve.org/CVERecord?id=CVE-2015-0287 https://www.cve.org/CVERecord?id=CVE-2015-0289 https://www.cve.org/CVERecord?id=CVE-2015-0293 https://www.cve.org/CVERecord?id=CVE-2015-0209 https://www.cve.org/CVERecord?id=CVE-2015-0288 (* Security fix *)

Topics%20covered

Topics Covered

security advisory update critical DoS memory corruption OpenSSL Slackware

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 13.0:
Updated packages for Slackware x86_64 13.0:
Updated packages for Slackware 13.1:
Updated packages for Slackware x86_64 13.1:
Updated packages for Slackware 13.37:
Updated packages for Slackware x86_64 13.37:
Updated packages for Slackware 14.0:
Updated packages for Slackware x86_64 14.0:
Updated packages for Slackware 14.1:
Updated packages for Slackware x86_64 14.1:
Updated packages for Slackware -current:
Updated packages for Slackware x86_64 -current:

MD5 Signatures

Slackware 13.0 packages: 9ba57b2971962ceb6205ec7b7e6b84e7 openssl-0.9.8zf-i486-1_slack13.0.txz 706ef57bb71992961584a3d957c5dbcb openssl-solibs-0.9.8zf-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 5f581b663798eacc8e7df4c292f33dbf openssl-0.9.8zf-x86_64-1_slack13.0.txz fe5f33f4d2db08b4f8d724e62bf6e514 openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 1ef0ba15454da786993361c927084438 openssl-0.9.8zf-i486-1_slack13.1.txz 2b3e20bcaa77f39512b6edcbc41b5471 openssl-solibs-0.9.8zf-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: f8fae10a1936cf900d362b65d9b2c8df openssl-0.9.8zf-x86_64-1_slack13.1.txz 0093e35c46382eeef03a51421895ed65 openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 7d4dd0f76252c98622a5f5939f6f0674 openssl-0.9.8zf-i486-1_slack13.37.txz e5cde01c0773ac78d33964e4107878df openssl-solibs-0.9.8zf-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 379424e15bd378e00a5ba0c709432429 openssl-0.9.8zf-x86_64-1_slack13.37.txz 54832ad7e5440ce1c496be47fec9140d openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz
Slackware 14.0 packages: 8abafa33d2bf90b6cd8be849c0d9a643 openssl-1.0.1m-i486-1_slack14.0.txz bac56213a540586d801d7b57608396de openssl-solibs-1.0.1m-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: b4c6c971e74b678c68671feed18fa7dc openssl-1.0.1m-x86_64-1_slack14.0.txz acac871e22b5de998544c2f6431c0139 openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz
Slackware 14.1 packages: c1f47f1f1ba5a13d6ac2ef2ae48bfb4c openssl-1.0.1m-i486-1_slack14.1.txz b7b1761ae1585f406d303273812043d3 openssl-solibs-1.0.1m-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: 1c6e11e2e3454836d5a3e9243f7c7738 openssl-1.0.1m-x86_64-1_slack14.1.txz 25b7a704816a2123463ddbfabbc1b86d openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz
Slackware -current packages: 0926b2429e1326c8ab9bcbbda056dc66 a/openssl-solibs-1.0.1m-i486-1.txz b6252d0f141eba7b0a8e8c5bbdc314f0 n/openssl-1.0.1m-i486-1.txz
Slackware x86_64 -current packages: 99b903f556c7a2d5ec283f04c2f5a650 a/openssl-solibs-1.0.1m-x86_64-1.txz 9ecb47e0b70bd7f8064c96fb2211c4b7 n/openssl-1.0.1m-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory update critical DoS memory corruption OpenSSL Slackware

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz

Related News

Your message here