LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 26th, 2014
Linux Security Week: September 22nd, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Slackware: 2014-220-01: openssl: Security Update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Slackware New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]
[slackware-security]  openssl (SSA:2014-220-01)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz:  Upgraded.
  This update fixes several security issues:
  Double Free when processing DTLS packets (CVE-2014-3505)
  DTLS memory exhaustion (CVE-2014-3506)
  DTLS memory leak from zero-length fragments (CVE-2014-3507)
  Information leak in pretty printing functions (CVE-2014-3508)
  Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
  OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
  OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
  SRP buffer overrun (CVE-2014-3512)
  Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
  For more information, see:
    https://www.openssl.org/news/secadv_20140806.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz:  Upgraded.
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 packages:
30bdc015b10d8891b90d3f6ea34f5fdd  openssl-0.9.8zb-i486-1_slack13.0.txz
3dc4140c22c04c94e5e74386a5a1c200  openssl-solibs-0.9.8zb-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages:
3da32f51273762d67bf9dbcc91af9413  openssl-0.9.8zb-x86_64-1_slack13.0.txz
075e5d12e5b909ecac923cb210f83544  openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz

Slackware 13.1 packages:
3b7e2bb2b317bf72b8f9b2b7a14bddfb  openssl-0.9.8zb-i486-1_slack13.1.txz
92af0784eade0674332a56bfab73b97d  openssl-solibs-0.9.8zb-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages:
df5f961109d7b50971660ca6a7d4c48c  openssl-0.9.8zb-x86_64-1_slack13.1.txz
582aaeae3d56730a2e1538a67d4e44da  openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz

Slackware 13.37 packages:
546445d56d3b367fa0dd4e80859c4620  openssl-0.9.8zb-i486-1_slack13.37.txz
b80e9df8cdd0649939ec2fab20d24691  openssl-solibs-0.9.8zb-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages:
9c9ce97dc21340924a3e27c1a8047023  openssl-0.9.8zb-x86_64-1_slack13.37.txz
0fe1931f2fc82fb8d5fbe72680caf843  openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz

Slackware 14.0 packages:
d1580f4b22b99cee42b22276653c8180  openssl-1.0.1i-i486-1_slack14.0.txz
ec93cec2bcab8ae7391a504573cbc231  openssl-solibs-1.0.1i-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages:
329475de3759225b1d02aa7317b2eb58  openssl-1.0.1i-x86_64-1_slack14.0.txz
25f2a198022d974534986a3913ca705c  openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz

Slackware 14.1 packages:
8336457bc31d44ebf502ffc4443f12f7  openssl-1.0.1i-i486-1_slack14.1.txz
4b99ac357fbd3065c53367eea246b8c7  openssl-solibs-1.0.1i-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages:
f2b8f81d9d7dc02e5d1011f663ccc95d  openssl-1.0.1i-x86_64-1_slack14.1.txz
4360abffbb57cb18ba0720f782d78250  openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz

Slackware -current packages:
49ecd332a899cf742d3467a6efe44269  a/openssl-solibs-1.0.1i-i486-1.txz
27da017c49045981b1793f105aff365f  n/openssl-1.0.1i-i486-1.txz

Slackware x86_64 -current packages:
8d74f3d770802182137c84d925f58cbc  a/openssl-solibs-1.0.1i-x86_64-1.txz
fd9d94d3210f0aedf74959cb0887e2b8  n/openssl-1.0.1i-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Honeypot Snares Two Bots Exploiting Bash Vulnerability
CloudFlare Rolls Out Free SSL
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.