Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2015-162-01
HistoryJun 11, 2015 - 11:01 p.m.

[slackware-security] openssl

2015-06-1123:01:09
Slackware Linux Project
www.slackware.com
56

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.628

Percentile

97.9%

JSON

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:

patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz: Upgraded.
Fixes several bugs and security issues:
o Malformed ECParameters causes infinite loop (CVE-2015-1788)
o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
o Race condition handling NewSessionTicket (CVE-2015-1791)
For more information, see:
https://vulners.com/cve/CVE-2015-1788
https://vulners.com/cve/CVE-2015-1789
https://vulners.com/cve/CVE-2015-1790
https://vulners.com/cve/CVE-2015-1792
https://vulners.com/cve/CVE-2015-1791
(* Security fix *)
patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz: Upgraded.

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz

MD5 signatures:

Slackware 13.0 packages:
383ecfed6bfef1440a44d7082745848a openssl-0.9.8zg-i486-1_slack13.0.txz
fb186187ffa200e22d9450a9d0e321f6 openssl-solibs-0.9.8zg-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages:
eb52318ed52fef726402f0b2a74745c5 openssl-0.9.8zg-x86_64-1_slack13.0.txz
9447927b960a01b21149e28a9783021f openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz

Slackware 13.1 packages:
37f46f6b4fe2acbe217eaf7c0b33b704 openssl-0.9.8zg-i486-1_slack13.1.txz
986de2e71676f61d788a59a1e0c8de1f openssl-solibs-0.9.8zg-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages:
6b160ce817dcde3ae5b3a861b284387b openssl-0.9.8zg-x86_64-1_slack13.1.txz
503d891680c711162386ea7e3daadca8 openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz

Slackware 13.37 packages:
5e7501b1d73d01d3d87704c3cfd3a888 openssl-0.9.8zg-i486-1_slack13.37.txz
874f0b59870dd3f259640c9930a02f99 openssl-solibs-0.9.8zg-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages:
b6d91614458040d461dff3c3eab45206 openssl-0.9.8zg-x86_64-1_slack13.37.txz
be106df5e59c2be7fa442df8ba85ad0b openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz

Slackware 14.0 packages:
ee7c3937e6a6d7ac7537f751af7da7b9 openssl-1.0.1n-i486-1_slack14.0.txz
758662437d33f99ec0a686cedeb1919e openssl-solibs-1.0.1n-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages:
2dfdc4729e93cf460018e9e30a6223dc openssl-1.0.1n-x86_64-1_slack14.0.txz
9cb4b34e97e60f6bfe4c843aabeae954 openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz

Slackware 14.1 packages:
5a9bf08d55615cfc097109c2e3786f7b openssl-1.0.1n-i486-1_slack14.1.txz
fb1c05468e5c38d51a8ff6ac435e3a20 openssl-solibs-1.0.1n-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages:
1ef5cede3f954c3e4741012ffa76b750 openssl-1.0.1n-x86_64-1_slack14.1.txz
ea22c288c60ae1d7ea8c5b3a1608462b openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz

Slackware -current packages:
56db8712d653c060f910e8915a8f8656 a/openssl-solibs-1.0.1n-i586-1.txz
6d6264c9943e27240db5c8f5ec342e27 n/openssl-1.0.1n-i586-1.txz

Slackware x86_64 -current packages:
e73f7aff5aa0ad14bc06428544f99ae2 a/openssl-solibs-1.0.1n-x86_64-1.txz
91b550b9eb0ac0c580e158375a93c0e4 n/openssl-1.0.1n-x86_64-1.txz

Installation instructions:

Upgrade the packages as root:
> upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz

OSVersionArchitecturePackageVersionFilename
Slackware13.0i486openssl< 0.9.8zgopenssl-0.9.8zg-i486-1_slack13.0.txz
Slackware13.0i486openssl-solibs< 0.9.8zgopenssl-solibs-0.9.8zg-i486-1_slack13.0.txz
Slackware13.0x86_64openssl< 0.9.8zgopenssl-0.9.8zg-x86_64-1_slack13.0.txz
Slackware13.0x86_64openssl-solibs< 0.9.8zgopenssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz
Slackware13.1i486openssl< 0.9.8zgopenssl-0.9.8zg-i486-1_slack13.1.txz
Slackware13.1i486openssl-solibs< 0.9.8zgopenssl-solibs-0.9.8zg-i486-1_slack13.1.txz
Slackware13.1x86_64openssl< 0.9.8zgopenssl-0.9.8zg-x86_64-1_slack13.1.txz
Slackware13.1x86_64openssl-solibs< 0.9.8zgopenssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz
Slackware13.37i486openssl< 0.9.8zgopenssl-0.9.8zg-i486-1_slack13.37.txz
Slackware13.37i486openssl-solibs< 0.9.8zgopenssl-solibs-0.9.8zg-i486-1_slack13.37.txz
Rows per page:
1-10 of 241

Related

nessus 40
ibm 57
openvas 43
securityvulns 2
ubuntu 1
archlinux 1
mageia 1
cisco 1
suse 12
freebsd_advisory 1
freebsd 1
aix 1
debian 2
fortinet 1
osv 2
arista 1
paloalto 2
gentoo 1
redhat 2
altlinux 5
centos 2
veracode 2
fedora 4
symantec 1
amazon 1
oraclelinux 1
prion 1
ubuntucve 1
openssl 1
f5 2
cvelist 1
debiancve 1
nvd 2
cve 2
nessus
nessus
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-162-01)
2015-06-12 00:00:00
OpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities
2015-06-12 00:00:00
OpenSSL 1.0.2 < 1.0.2b Multiple Vulnerabilities
2015-06-12 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Master Data Management (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
2022-04-27 09:58:00
Security Bulletin: Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
2018-06-17 15:12:15
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience
2018-06-16 19:45:48
openvas
openvas
Slackware: Security Advisory (SSA:2015-162-01)
2022-04-21 00:00:00
OpenSSL Multiple Vulnerabilities (20150611 - 2) - Linux
2015-12-01 00:00:00
OpenSSL Multiple Vulnerabilities (20150611 - 2) - Windows
2015-12-01 00:00:00
securityvulns
securityvulns
OpenSSL multiple security vulnerabilities
2015-06-13 00:00:00
[USN-2639-1] OpenSSL vulnerabilities
2015-06-13 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2015-06-11 00:00:00
archlinux
archlinux
openssl: multiple issues
2015-06-12 00:00:00
mageia
mageia
Updated openssl package fixes security vulnerabilities
2015-06-19 16:33:05
cisco
cisco
Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
2015-06-12 16:00:00
suse
suse
Security update for openssl (important)
2015-06-25 18:05:48
Security update for compat-openssl098 (important)
2015-06-26 13:05:09
Security update for OpenSSL (important)
2015-07-03 14:06:19
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:10.openssl
2015-06-12 00:00:00
freebsd
freebsd
openssl -- multiple vulnerabilities
2015-06-11 00:00:00
aix
aix
Multiple Security vulnerabilities in AIX OpenSSL
2015-07-15 00:20:05
debian
debian
[SECURITY] [DSA 3287-1] openssl security update
2015-06-13 14:32:55
[SECURITY] [DLA 247-1] openssl security update
2015-06-17 21:46:50
fortinet
fortinet
OpenSSL vulnerabilities - June 2015
2015-06-11 00:00:00
osv
osv
openssl - security update
2015-06-13 00:00:00
openssl - security update
2015-06-17 00:00:00
arista
arista
Security Advisory 0011
2015-06-17 00:00:00
paloalto
paloalto
OpenSSL Vulnerabilities
2016-10-18 00:00:00
OpenSSL Vulnerabilities
2016-08-15 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2015-06-22 00:00:00
redhat
redhat
(RHSA-2015:1115) Moderate: openssl security update
2015-06-15 00:00:00
(RHSA-2015:1197) Moderate: openssl security update
2015-06-30 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt2.M70P.1
2015-06-26 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1k-alt3
2015-06-15 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.1k-alt3
2015-06-15 00:00:00
centos
centos
openssl security update
2015-06-15 20:01:35
openssl security update
2015-07-02 12:10:41
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:39:36
Denial Of Service (DoS)
2017-02-10 06:46:32
fedora
fedora
[SECURITY] Fedora 22 Update: openssl-1.0.1k-10.fc22
2015-06-21 00:19:25
[SECURITY] Fedora 22 Update: openssl-1.0.1k-11.fc22
2015-07-13 19:18:15
[SECURITY] Fedora 21 Update: openssl-1.0.1k-10.fc21
2015-06-24 15:57:49
symantec
symantec
SA98 : OpenSSL Security Advisory 11-June-2015
2015-06-17 08:00:00
amazon
amazon
Medium: openssl
2015-06-16 11:29:00
oraclelinux
oraclelinux
openssl security update
2015-06-15 00:00:00
prion
prion
Race condition
2015-06-12 19:59:00
ubuntucve
ubuntucve
CVE-2015-1791
2015-06-02 00:00:00
openssl
openssl
Vulnerability in OpenSSL - Race condition handling NewSessionTicket
2015-06-02 00:00:00
f5
f5
SOL16914 - OpenSSL vulnerability CVE-2015-1791
2015-07-07 00:00:00
K16914 : OpenSSL vulnerability CVE-2015-1791
2015-09-11 00:00:00
cvelist
cvelist
CVE-2015-1791
2015-06-12 00:00:00
debiancve
debiancve
CVE-2015-1791
2015-06-12 19:59:04
nvd
nvd
CVE-2015-1791
2015-06-12 19:59:04
CVE-2015-1790
2015-06-12 19:59:03
cve
cve
CVE-2015-1791
2015-06-12 19:59:04
CVE-2015-1790
2015-06-12 19:59:03

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.628

Percentile

97.9%

JSON
Related for SSA-2015-162-01
nessus40ibm57openvas43securityvulns2ubuntu1archlinux1mageia1cisco1suse12freebsd_advisory1freebsd1aix1debian2fortinet1osv2arista1paloalto2gentoo1redhat2altlinux5centos2veracode2fedora4symantec1amazon1oraclelinux1prion1ubuntucve1openssl1f52cvelist1debiancve1nvd2cve2