Alerts This Week
Warning Icon 1 1,220
Alerts This Week
Warning Icon 1 1,220

Slackware 15.0: 2025-040-01 Low Severity: openssl Timing Attack Fix

slackware
Calendar Grey February 9, 2025
Dist Slackware Esm H88
Recent OpenSSL updates tackle timing side-channel vulnerabilities in ECDSA for Slackware versions 15.0 and the latest iteration.
New openssl packages are available for Slackware 15.0 and -current to fix a security issue

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/openssl-1.1.1zb_p2-i586-1_slack15.0.txz: Upgraded. Apply patch to fix a low severity security issue: Fix timing side-channel in ECDSA signature computation. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. This CVE was fixed by the second 1.1.1zb release that is only available to subscribers to OpenSSL's premium extended support. The patch was prepared by backporting from the OpenSSL-3.0 repo. Thanks to Ken Zalewski for the patch! For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-13176 (*

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory slackware timing attack low severity openssl

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-1.1.1zb_p2-i586-1_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-solibs-1.1.1zb_p2-i586-1_slack15.0.txz
Updated packages for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-1.1.1zb_p2-x86_64-1_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-solibs-1.1.1zb_p2-x86_64-1_slack15.0.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl11-solibs-1.1.1zb_p2-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackwar...

Read the Full Advisory

MD5 Signatures

Slackware 15.0 packages: 015337a12703439ad126796cccadb32a openssl-1.1.1zb_p2-i586-1_slack15.0.txz 3a49f6b67394776376ba7c5b0ec68bcf openssl-solibs-1.1.1zb_p2-i586-1_slack15.0.txz
Slackware x86_64 15.0 packages: cea815dffd81ce31399c196573ff85fe openssl-1.1.1zb_p2-x86_64-1_slack15.0.txz faa926d10308a27d354d32b77e7ca84d openssl-solibs-1.1.1zb_p2-x86_64-1_slack15.0.txz
Slackware -current packages: f2cdf01e8b41cdbe46fc6d00f57aabd3 a/openssl11-solibs-1.1.1zb_p2-i686-1.txz 0b61e87f8eccee0aa63e8e004917264c n/openssl11-1.1.1zb_p2-i686-1.txz
Slackware x86_64 -current packages: 07f8cc63b8b4496aa57f43bd60bb2dec a/openssl11-solibs-1.1.1zb_p2-x86_64-1.txz 800b55b044a223355ddd37e3b125ac72 n/openssl11-1.1.1zb_p2-x86_64-1.txz

Severity
low
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory slackware timing attack low severity openssl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg openssl-1.1.1zb_p2-i586-1_slack15.0.txz openssl-solibs-1.1.1zb_p2-i586-1_slack15.0.txz

Your message here