LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 19th, 2014
Linux Advisory Watch: December 12th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Slackware: OpenSSL Denial of service vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Slackware Fixes available for two potential denial-of-service issues in earlier versions of OpenSSL.

[slackware-security]  OpenSSL security update (SSA:2004-077-01)

Upgraded OpenSSL packages are available for Slackware 8.1, 9.0,
9.1, and -current.  These fix two potential denial-of-service
issues in earlier versions of OpenSSL.

We recommend sites that use OpenSSL upgrade to the fixed packages
right away.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112

Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Wed Mar 17 14:41:42 PST 2004
patches/packages/openssl-0.9.7d-i486-1.tgz:  Upgraded to openssl-0.9.7d.
patches/packages/openssl-solibs-0.9.7d-i486-1.tgz:  Upgraded to
  openssl-0.9.7d.  This fixes two potential denial-of-service issues in
  earlier versions of OpenSSL.  For more details, see:
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112
  (* Security fix *)
+--------------------------+


WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated packages for Slackware 8.1: 
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-0.9.6m-i386-1.tgz 
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-solibs-0.9.6m-i386-1.tgz

Updated packages for Slackware 9.0: 
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-0.9.7d-i386-1.tgz 
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-solibs-0.9.7d-i386-1.tgz

Updated packages for Slackware 9.1: 
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-0.9.7d-i486-1.tgz 
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-solibs-0.9.7d-i486-1.tgz

Updated packages for Slackware -current: 
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.7d-i486-1.tgz 
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.7d-i486-1.tgz


MD5 SIGNATURES:
+-------------+

Slackware 8.1 packages:
9526929bee40c6f29ddd3e9549deff3a  openssl-0.9.6m-i386-1.tgz
8e9e9121276309c6082d4f16aa1ba31e  openssl-solibs-0.9.6m-i386-1.tgz

Slackware 9.0 packages:
51738802d6c2c33852870e5921a96b71  openssl-0.9.7d-i386-1.tgz
18a9c560acf5c9df7f782bd16455d964  openssl-solibs-0.9.7d-i386-1.tgz

Slackware 9.1 packages:
24e4d36cf911d45c5e33a075bb353a85  openssl-0.9.7d-i486-1.tgz
b53517348c04a279fb8139d98367f1cb  openssl-solibs-0.9.7d-i486-1.tgz

Slackware -current packages:
04df11995b00fcd19cdf2ced00c962eb  openssl-0.9.7d-i486-1.tgz
bd21b8d487217758b903bdbc9ac309a1  openssl-solibs-0.9.7d-i486-1.tgz


INSTALLATION INSTRUCTIONS:
+------------------------+

Upgrade using upgradepkg (as root):
# upgradepkg openssl-0.9.7d-i486-1.tgz openssl-solibs-0.9.7d-i486-1.tgz


+-----+

Slackware Linux Security Team 
http://slackware.com/gpg-key
security@slackware.com

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Report: U.S. planning “proportional response” to Sony hack, blamed on North Korea
Heartbleed, Shellshock, Tor and more: The 13 biggest security stories of 2014
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.