Lucene search

K
slackwareSlackware Linux ProjectSSA-2010-340-01
HistoryDec 07, 2010 - 7:14 a.m.

[slackware-security] openssl

2010-12-0707:14:58
Slackware Linux Project
www.slackware.com
21

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.7%

New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,
13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:

patches/packages/openssl-0.9.8q-i486-1_slack13.1.txz: Upgraded.
This OpenSSL update contains some security related bugfixes.
For more information, see the included CHANGES and NEWS files, and:
http://www.openssl.org/news/secadv_20101202.txt
https://vulners.com/cve/CVE-2010-4180
https://vulners.com/cve/CVE-2010-4252
(* Security fix )
patches/packages/openssl-solibs-0.9.8q-i486-1_slack13.1.txz: Upgraded.
(
Security fix *)

Where to find the new packages:

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8q-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-solibs-0.9.8q-i486-1_slack11.0.tgz

Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-0.9.8q-i486-1_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-solibs-0.9.8q-i486-1_slack12.0.tgz

Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-0.9.8q-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-solibs-0.9.8q-i486-1_slack12.1.tgz

Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-0.9.8q-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-solibs-0.9.8q-i486-1_slack12.2.tgz

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8q-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8q-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8q-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8q-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8q-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8q-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8q-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8q-x86_64-1_slack13.1.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.8q-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.8q-i486-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-0.9.8q-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-0.9.8q-x86_64-1.txz

MD5 signatures:

Slackware 11.0 packages:
1672535dfc6ef7888dbfdd77e73c338e openssl-0.9.8q-i486-1_slack11.0.tgz
5f847bbea8047f6bb673bae6a5f1458e openssl-solibs-0.9.8q-i486-1_slack11.0.tgz

Slackware 12.0 packages:
1842d92468775cd222be3ba896f7bbb6 openssl-0.9.8q-i486-1_slack12.0.tgz
909856e3e3f985ebcdb1c3113f1afb75 openssl-solibs-0.9.8q-i486-1_slack12.0.tgz

Slackware 12.1 packages:
f77a3e257c05662dcbea51a7dd574919 openssl-0.9.8q-i486-1_slack12.1.tgz
4267b7a41580b57d32918e446f6eff64 openssl-solibs-0.9.8q-i486-1_slack12.1.tgz

Slackware 12.2 packages:
bdf0531d81e184b20fa0554d24d4f37e openssl-0.9.8q-i486-1_slack12.2.tgz
516bbf34fec6120def7c07478a371168 openssl-solibs-0.9.8q-i486-1_slack12.2.tgz

Slackware 13.0 packages:
bc271d68578b3b3f7e1487061cfdd881 openssl-0.9.8q-i486-1_slack13.0.txz
db28fbd8974e4d6087468f799cae66ce openssl-solibs-0.9.8q-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages:
4a63e4468ba9c18243a6f76430bdb980 openssl-0.9.8q-x86_64-1_slack13.0.txz
d36fe2db9cb7da1915533c2f268ab6a0 openssl-solibs-0.9.8q-x86_64-1_slack13.0.txz

Slackware 13.1 packages:
a72fd414347686d157ee702157dcd2f5 openssl-0.9.8q-i486-1_slack13.1.txz
d750ff0918d4ed649b4b3e573af9288d openssl-solibs-0.9.8q-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages:
d9ff0a381f8a20f6c510f1e0b24248a8 openssl-0.9.8q-x86_64-1_slack13.1.txz
d6384ffc0957e65cf20de0c5d264f89d openssl-solibs-0.9.8q-x86_64-1_slack13.1.txz

Slackware -current packages:
480b90202772f5ae31f1c00330d3c4f4 a/openssl-solibs-0.9.8q-i486-1.txz
51d84a2d5795ae894af250b445f4b404 n/openssl-0.9.8q-i486-1.txz

Slackware x86_64 -current packages:
3ebf8f0c67dd8b5c177b8beeeec5a685 a/openssl-solibs-0.9.8q-x86_64-1.txz
54efe1b7da90c6b3e3832c68af0325be n/openssl-0.9.8q-x86_64-1.txz

Installation instructions:

Upgrade the packages as root:
> upgradepkg openssl-0.9.8q-i486-1_slack13.1.txz openssl-solibs-0.9.8q-i486-1_slack13.1.txz

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.7%

Related for SSA-2010-340-01