Slackware 9.0 SSA:2003-141-05 Moderate: Mod_ssl Timing Attack Fix

slackware

May 22, 2003

This version provides RSA blinding by default which prevents an extended timing analysis from revealing details of the secret key to an attacker.

Summary

Here are the details from the Slackware 9.0 ChangeLog: Tue May 20 20:13:09 PDT 2003 patches/packages/mod_ssl-2.8.14_1.3.27-i386-1.tgz: Upgraded to mod_ssl-2.8.14_1.3.27. Includes RSA blinding fixes. (* Security fix *) WHERE TO FIND THE NEW PACKAGES: Updated package for Slackware 9.0: MD5 SIGNATURES: Slackware 9.0 package: 2888ecec5e2116be81b5295fc477869b mod_ssl-2.8.14_1.3.27-i386-1.tgz INSTALLATION INSTRUCTIONS: First, shut down your web server: # apachectl stop Then upgrade using upgradepkg (as root): upgradepkg mod_ssl-2.8.14_1.3.27-i386-1.tgz Finally, restart secure web services: # apachectl startssl Slackware Linux Security Team slackware security@slackware.com

Topics Covered

security advisory software update Slackware timing attack mod_ssl RSA blinding

Where Find New Packages

MD5 Signatures

Topics Covered

security advisory software update Slackware timing attack mod_ssl RSA blinding

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks