-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  openssl (SSA:2017-306-02)

New openssl packages are available for Slackware 14.2 and -current to
fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2m-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  There is a carry propagating bug in the x64 Montgomery squaring procedure.
  No EC algorithms are affected. Analysis suggests that attacks against RSA
  and DSA as a result of this defect would be very difficult to perform and
  are not believed likely. Attacks against DH are considered just feasible
  (although very difficult) because most of the work necessary to deduce
  information about a private key may be performed offline. The amount of
  resources required for such an attack would be very significant and likely
  only accessible to a limited number of attackers. An attacker would
  additionally need online access to an unpatched system using the target
  private key in a scenario with persistent DH parameters and a private
  key that is shared between multiple clients.
  This only affects processors that support the BMI1, BMI2 and ADX extensions
  like Intel Broadwell (5th generation) and later or AMD Ryzen.
  For more information, see:
    https://www.openssl.org/news/secadv/20171102.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736
  (* Security fix *)
patches/packages/openssl-solibs-1.0.2m-i586-1_slack14.2.txz:  Upgraded.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated packages for Slackware 14.2:

Updated packages for Slackware x86_64 14.2:

Updated packages for Slackware -current:

Updated packages for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 14.2 packages:
53cf0ad803cc25e2a1743c423ecef363  openssl-1.0.2m-i586-1_slack14.2.txz
aec151a19c32844355f8a13089f82154  openssl-solibs-1.0.2m-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages:
8beeb92a178b9b8e135c6b1018003c22  openssl-1.0.2m-x86_64-1_slack14.2.txz
b912777079f28301936a77790d00a7ae  openssl-solibs-1.0.2m-x86_64-1_slack14.2.txz

Slackware -current packages:
647adb0751e6cd6e988ca81cf595cc0e  a/openssl-solibs-1.0.2l-i586-1.txz
c76711fb8f8ce77b5cdf6e5904dfd4a1  n/openssl-1.0.2m-i586-1.txz

Slackware x86_64 -current packages:
47323660a6504018ee6b4490c268060b  a/openssl-solibs-1.0.2l-x86_64-1.txz
fa9ed59b81567d356bd59c953fbabc1e  n/openssl-1.0.2m-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg openssl-1.0.2m-i586-1_slack14.2.txz openssl-solibs-1.0.2m-i586-1_slack14.2.txz


+-----+

Slackware: 2017-306-02: openssl Security Update

November 3, 2017
New openssl packages are available for Slackware 14.2 and -current to fix a security issue

Summary

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openssl-1.0.2m-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue: There is a carry propagating bug in the x64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. For more information, see: https://www.openssl.org/news/secadv/20171102.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736 (* Security fix *) patches/packages/openssl-solibs-1.0.2m-i586-1_slack14.2.txz: Upgraded.

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 14.2:
Updated packages for Slackware x86_64 14.2:
Updated packages for Slackware -current:
Updated packages for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.2 packages: 53cf0ad803cc25e2a1743c423ecef363 openssl-1.0.2m-i586-1_slack14.2.txz aec151a19c32844355f8a13089f82154 openssl-solibs-1.0.2m-i586-1_slack14.2.txz
Slackware x86_64 14.2 packages: 8beeb92a178b9b8e135c6b1018003c22 openssl-1.0.2m-x86_64-1_slack14.2.txz b912777079f28301936a77790d00a7ae openssl-solibs-1.0.2m-x86_64-1_slack14.2.txz
Slackware -current packages: 647adb0751e6cd6e988ca81cf595cc0e a/openssl-solibs-1.0.2l-i586-1.txz c76711fb8f8ce77b5cdf6e5904dfd4a1 n/openssl-1.0.2m-i586-1.txz
Slackware x86_64 -current packages: 47323660a6504018ee6b4490c268060b a/openssl-solibs-1.0.2l-x86_64-1.txz fa9ed59b81567d356bd59c953fbabc1e n/openssl-1.0.2m-x86_64-1.txz

Severity
[slackware-security] openssl (SSA:2017-306-02)
New openssl packages are available for Slackware 14.2 and -current to fix a security issue.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg openssl-1.0.2m-i586-1_slack14.2.txz openssl-solibs-1.0.2m-i586-1_slack14.2.txz

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved