Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2008-210-08
HistoryJul 29, 2008 - 5:33 a.m.

[slackware-security] openssl

2008-07-2905:33:50
Slackware Linux Project
www.slackware.com
17

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.132 Low

EPSS

Percentile

95.5%

JSON

New openssl packages are available for Slackware 11.0, 12.0, 12.1, and -current
to fix security issues.

More details about this issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

https://vulners.com/cve/CVE-2008-0891
https://vulners.com/cve/CVE-2008-1672

Upgraded OpenSSH packages have been provided to make sure that ssh is not
broken my the update – especially if your machine is a remote one, be SURE
to upgrade to the new openssh package as well!

Here are the details from the Slackware 12.1 ChangeLog:

patches/packages/openssl-0.9.8h-i486-1_slack12.1.tgz:
Upgraded to OpenSSL 0.9.8h.
The Codenomicon TLS test suite uncovered security bugs in OpenSSL.
If OpenSSL was compiled using non-default options (Slackware’s package
is not), then a malicious packet could cause a crash. Also, a malformed
TLS handshake could also lead to a crash.
For more information, see:
https://vulners.com/cve/CVE-2008-0891
https://vulners.com/cve/CVE-2008-1672
When upgrading OpenSSL, it is VERY IMPORTANT to also upgrade OpenSSH, or
it is possible to be unable to log back into sshd!
(* Security fix *)

Where to find the new packages:

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the β€œGet Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-solibs-0.9.8h-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8h-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssh-5.1p1-i486-1_slack11.0.tgz

Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-solibs-0.9.8h-i486-1_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-0.9.8h-i486-1_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssh-5.1p1-i486-1_slack12.0.tgz

Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-solibs-0.9.8h-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-0.9.8h-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssh-5.1p1-i486-1_slack12.1.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.8h-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.8h-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-5.1p1-i486-1.tgz

MD5 signatures:

Slackware 11.0 packages:
8ee9a3b3366a29a84b7314fb40a7c808 openssl-0.9.8h-i486-1_slack11.0.tgz
863b5deeffd7eb58ef41b1b49759bff5 openssl-solibs-0.9.8h-i486-1_slack11.0.tgz
617456c059e8d7761de7e3c92ee5e473 openssh-5.1p1-i486-1_slack11.0.tgz

Slackware 12.0 packages:
ae721f8dd900c930d6c2e27581f577a9 openssl-0.9.8h-i486-1_slack12.0.tgz
30271692b6253c5dc733c80a986d13d1 openssl-solibs-0.9.8h-i486-1_slack12.0.tgz
5fd2eae44bf0d311bdfebb930790ab88 openssh-5.1p1-i486-1_slack12.0.tgz

Slackware 12.1 packages:
cb3674edf80bfabe23a1901f9eecea09 openssl-0.9.8h-i486-1_slack12.1.tgz
dc0df15982723244c920417d5fa9c15a openssl-solibs-0.9.8h-i486-1_slack12.1.tgz
0684a119d56721053e1f57b06692642d openssh-5.1p1-i486-1_slack12.1.tgz

Slackware -current packages:
b72f7a417b524f06f8443ea9a13b58ca openssl-0.9.8h-i486-1.tgz
fa6658aabc7ab02736a01e511b9cc9ec openssl-solibs-0.9.8h-i486-1.tgz
97d4828d0b5d88b16d83d7265a54f9de openssh-5.1p1-i486-1.tgz

Installation instructions:

Upgrade the packages as root:
> upgradepkg openssl-0.9.8h-i486-1_slack12.1.tgz openssl-solibs-0.9.8h-i486-1_slack12.1.tgz openssh-5.1p1-i486-1_slack12.1.tgz

Then, restart sshd if you use it:
sh /etc/rc.d/rc.sshd restart

OSVersionArchitecturePackageVersionFilename
Slackware11.0i486openssl-solibs<Β 0.9.8hopenssl-solibs-0.9.8h-i486-1_slack11.0.tgz
Slackware11.0i486openssl<Β 0.9.8hopenssl-0.9.8h-i486-1_slack11.0.tgz
Slackware11.0i486openssh<Β 5.1p1openssh-5.1p1-i486-1_slack11.0.tgz
Slackware12.0i486openssl-solibs<Β 0.9.8hopenssl-solibs-0.9.8h-i486-1_slack12.0.tgz
Slackware12.0i486openssl<Β 0.9.8hopenssl-0.9.8h-i486-1_slack12.0.tgz
Slackware12.0i486openssh<Β 5.1p1openssh-5.1p1-i486-1_slack12.0.tgz
Slackware12.1i486openssl-solibs<Β 0.9.8hopenssl-solibs-0.9.8h-i486-1_slack12.1.tgz
Slackware12.1i486openssl<Β 0.9.8hopenssl-0.9.8h-i486-1_slack12.1.tgz
Slackware12.1i486openssh<Β 5.1p1openssh-5.1p1-i486-1_slack12.1.tgz
Slackwarecurrenti486openssl-solibs<Β 0.9.8hopenssl-solibs-0.9.8h-i486-1.tgz
Rows per page:
1-10 of 121

Related

ubuntu 1
nessus 9
openvas 11
fedora 3
gentoo 1
seebug 1
openssl 2
prion 2
f5 4
cve 2
ubuntucve 2
cert 2
debiancve 2
oraclelinux 3
ubuntu
ubuntu
OpenSSL vulnerabilities
2008-06-26 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : openssl (MDVSA-2008:107)
2009-04-23 00:00:00
Ubuntu 8.04 LTS : openssl vulnerabilities (USN-620-1)
2008-07-02 00:00:00
Fedora 9 : openssl-0.9.8g-9.fc9 (2008-4723)
2008-06-02 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200806-08 (openssl)
2008-09-24 00:00:00
Fedora Update for openssl FEDORA-2008-4723
2009-02-17 00:00:00
Mandriva Update for openssl MDVSA-2008:107 (openssl)
2009-04-09 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: openssl-0.9.8g-9.fc9
2008-05-31 02:14:16
[SECURITY] Fedora 9 Update: openssl-0.9.8g-9.12.fc9
2009-01-08 04:19:17
[SECURITY] Fedora 9 Update: openssl-0.9.8g-9.14.fc9
2009-06-19 13:40:57
gentoo
gentoo
OpenSSL: Denial of service
2008-06-23 00:00:00
seebug
seebug
OpenSSL倚δΈͺζ‹’η»ζœεŠ‘ζΌζ΄ž
2008-05-29 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2008-1672
2008-05-28 00:00:00
Vulnerability in OpenSSL CVE-2008-0891
2008-05-28 00:00:00
prion
prion
Null pointer dereference
2008-05-29 16:32:00
Double free
2008-05-29 16:32:00
f5
f5
K15350 : OpenSSL vulnerability CVE-2008-1672
2014-06-23 00:00:00
SOL15350 - OpenSSL vulnerability CVE-2008-1672
2014-06-23 00:00:00
SOL17454 - OpenSSL vulnerabilities CVE-2005-2946, CVE-2008-0891, and CVE-2012-2131
2015-10-16 00:00:00
cve
cve
CVE-2008-1672
2008-05-29 16:32:00
CVE-2008-0891
2008-05-29 16:32:00
ubuntucve
ubuntucve
CVE-2008-1672
2008-05-29 00:00:00
CVE-2008-0891
2008-05-29 00:00:00
cert
cert
OpenSSL TLS handshake Denial of Service
2008-05-30 00:00:00
OpenSSL Server Name extension Denial of Service
2008-05-30 00:00:00
debiancve
debiancve
CVE-2008-1672
2008-05-29 16:32:00
CVE-2008-0891
2008-05-29 16:32:00
oraclelinux
oraclelinux
openssl-fips security update
2015-04-02 00:00:00
openssl security update
2019-03-13 00:00:00
openssl security update
2019-08-16 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.132 Low

EPSS

Percentile

95.5%

JSON
Related for SSA-2008-210-08
ubuntu1nessus9openvas11fedora3gentoo1seebug1openssl2prion2f54cve2ubuntucve2cert2debiancve2oraclelinux3