Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Slackware 14.2: 2017-342-01 Critical: OpenSSL Buffer Overflow Risk

slackware
Calendar Grey December 9, 2017
Dist Slackware Esm H88
Updated openssl packages have been released for Slackware 14.2 and -current, fixing important security vulnerabilities. Upgrade immediately!
New openssl packages are available for Slackware 14.2 and -current to fix security issues

Summary

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openssl-1.0.2n-i586-1_slack14.2.txz: Upgraded. This update fixes security issues: Read/write after SSL object in error state rsaz_1024_mul_avx2 overflow bug on x86_64 For more information, see: https://openssl-library.org/news/secadv/20171207.txt https://www.cve.org/CVERecord?id=CVE-2017-3737 https://www.cve.org/CVERecord?id=CVE-2017-3738 (* Security fix *) patches/packages/openssl-solibs-1.0.2n-i586-1_slack14.2.txz: Upgraded.

Topics%20covered

Topics Covered

security advisory security issue buffer overflow critical Slackware openssl

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-2_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-2_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-2_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-2_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-2_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/sla...

Read the Full Advisory

MD5 Signatures

Slackware 13.0 packages: 644fbae107aa826aeb955cec011af852 openssl-0.9.8zh-i486-2_slack13.0.txz 6fa3075d061664f5bbe3d8de9e2bf368 openssl-solibs-0.9.8zh-i486-2_slack13.0.txz
Slackware x86_64 13.0 packages: b53745715746f9dbef4a38dd8da03c94 openssl-0.9.8zh-x86_64-2_slack13.0.txz 5976e4f969f6adc2b43ba1592a52d5ba openssl-solibs-0.9.8zh-x86_64-2_slack13.0.txz
Slackware 13.1 packages: e0608c002b708abaf2f5ceee4e4b155d openssl-0.9.8zh-i486-2_slack13.1.txz cac0d5ccba2dccd979284f2051dab525 openssl-solibs-0.9.8zh-i486-2_slack13.1.txz
Slackware x86_64 13.1 packages: 01510ab2aab397be93e4bfdd04315bd0 openssl-0.9.8zh-x86_64-2_slack13.1.txz 0be1f99d5391cbc3b15dcd4371cb621a openssl-solibs-0.9.8zh-x86_64-2_slack13.1.txz
Slackware 13.37 packages: c1c1d0a8483d4218fdd29ce1b2eb9e63 openssl-0.9.8zh-i486-2_slack13.37.txz 34ee96116c28ef08fbc08ab70b14f5a9 openssl-solibs-0.9.8zh-i486-2_slack13.37.txz
Slackware x86_64 13.37 packages: 32dadc44ba5dbd7621023e8fec1e3069 openssl-0.9.8zh-x86_64-2_slack13.37.txz 2f0205cfba8228e3d1980cef54d8668b openssl-solibs-0.9.8zh-x86_64-2_slack13.37.txz
Slackware 14.0 packages: e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz
Slackware 14.2 packages: e03fab49e9d967c5612484d919dd0268 openssl-1.0.2n-i586-1_slack14.2.txz 08747665f462b8f8c2832853e38e1e6f openssl-solibs-1.0.2n-i586-1_slack14.2.txz
Slackware x86_64 14.2 packages: b3a50ce9b6e6d449a8169e95d0a9612d openssl-1.0.2n-x86_64-1_slack14.2.txz c802bcfdfc5ff50f4ff8f9d3854201a6 openssl-solibs-1.0.2n-x86_64-1_slack14.2.txz
Slackware -current packages: 94858e542e5e174cddd6ebc2f8901dfe a/openssl-solibs-1.0.2n-i586-1.txz e74abd2caa67240856cbe198051739db n/openssl-1.0.2n-i586-1.txz
Slackware x86_64 -current packages: 708ff8cacfe797d28cb93e537ab7d4ee a/openssl-solibs-1.0.2n-x86_64-1.txz ed92a17a9345cfd0fbe7dc2f83eade22 n/openssl-1.0.2n-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory security issue buffer overflow critical Slackware openssl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg openssl-1.0.2n-i586-1_slack14.2.txz openssl-solibs-1.0.2n-i586-1_slack14.2.txz

Related News

Your message here