Slackware Linux ProjectSSA-2016-062-02[slackware-security] openssl
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.952 High
EPSS
Percentile
99.3%
New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
patches/packages/openssl-1.0.1s-i486-1_slack14.1.txz: Upgraded.
This update fixes the following security issues:
Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
Double-free in DSA code (CVE-2016-0705)
Memory leak in SRP database lookups (CVE-2016-0798)
BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
Fix memory issues in BIO_printf functions (CVE-2016-0799)
Side channel attack on modular exponentiation (CVE-2016-0702)
To avoid breaking the ABI, “enable-ssl2” is used, but all the vulnerable or
weak ciphers have been removed.
For more information, see:
https://www.openssl.org/news/secadv/20160301.txt
https://vulners.com/cve/CVE-2016-0800
https://vulners.com/cve/CVE-2016-0705
https://vulners.com/cve/CVE-2016-0798
https://vulners.com/cve/CVE-2016-0797
https://vulners.com/cve/CVE-2016-0799
https://vulners.com/cve/CVE-2016-0702
( Security fix *)
patches/packages/openssl-solibs-1.0.1s-i486-1_slack14.1.txz: Upgraded.
Where to find the new packages:
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-2_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-2_slack13.0.txz
Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-2_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-2_slack13.0.txz
Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-2_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-2_slack13.1.txz
Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-2_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-2_slack13.1.txz
Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-2_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-2_slack13.37.txz
Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-2_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-2_slack13.37.txz
Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1s-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1s-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1s-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1s-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1s-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1s-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1s-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1s-x86_64-1_slack14.1.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2g-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2g-i586-1.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2g-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2g-x86_64-1.txz
MD5 signatures:
Slackware 13.0 packages:
644fbae107aa826aeb955cec011af852 openssl-0.9.8zh-i486-2_slack13.0.txz
6fa3075d061664f5bbe3d8de9e2bf368 openssl-solibs-0.9.8zh-i486-2_slack13.0.txz
Slackware x86_64 13.0 packages:
b53745715746f9dbef4a38dd8da03c94 openssl-0.9.8zh-x86_64-2_slack13.0.txz
5976e4f969f6adc2b43ba1592a52d5ba openssl-solibs-0.9.8zh-x86_64-2_slack13.0.txz
Slackware 13.1 packages:
e0608c002b708abaf2f5ceee4e4b155d openssl-0.9.8zh-i486-2_slack13.1.txz
cac0d5ccba2dccd979284f2051dab525 openssl-solibs-0.9.8zh-i486-2_slack13.1.txz
Slackware x86_64 13.1 packages:
01510ab2aab397be93e4bfdd04315bd0 openssl-0.9.8zh-x86_64-2_slack13.1.txz
0be1f99d5391cbc3b15dcd4371cb621a openssl-solibs-0.9.8zh-x86_64-2_slack13.1.txz
Slackware 13.37 packages:
c1c1d0a8483d4218fdd29ce1b2eb9e63 openssl-0.9.8zh-i486-2_slack13.37.txz
34ee96116c28ef08fbc08ab70b14f5a9 openssl-solibs-0.9.8zh-i486-2_slack13.37.txz
Slackware x86_64 13.37 packages:
32dadc44ba5dbd7621023e8fec1e3069 openssl-0.9.8zh-x86_64-2_slack13.37.txz
2f0205cfba8228e3d1980cef54d8668b openssl-solibs-0.9.8zh-x86_64-2_slack13.37.txz
Slackware 14.0 packages:
cc23e82479257a7a3a50438d336ec5be openssl-1.0.1s-i486-1_slack14.0.txz
9540a887ed6138e02d23bcaa6b825ee1 openssl-solibs-1.0.1s-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages:
5515a045f780c64e8978da7fbeaa5690 openssl-1.0.1s-x86_64-1_slack14.0.txz
6a725bc0a09908f9141f940932adf4e6 openssl-solibs-1.0.1s-x86_64-1_slack14.0.txz
Slackware 14.1 packages:
593809d8904cafdf513d6b53fa768b74 openssl-1.0.1s-i486-1_slack14.1.txz
c9b24ae365ac7f8b39d6d967753ddf36 openssl-solibs-1.0.1s-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages:
480d719b052583b81829c7a46716eaa8 openssl-1.0.1s-x86_64-1_slack14.1.txz
7d67e02e2592b0943d421b77e7b056a2 openssl-solibs-1.0.1s-x86_64-1_slack14.1.txz
Slackware -current packages:
afb5a7589c09cd8252033e050b338270 a/openssl-solibs-1.0.2g-i586-1.txz
2d40243494331ffe88ccbfd865cab491 n/openssl-1.0.2g-i586-1.txz
Slackware x86_64 -current packages:
2ed9f79bcadcaba7b7295da7e79655be a/openssl-solibs-1.0.2g-x86_64-1.txz
79ea233c8e9257081a6dcf2f6bc54b05 n/openssl-1.0.2g-x86_64-1.txz
Installation instructions:
Upgrade the packages as root:
> upgradepkg openssl-1.0.1s-i486-1_slack14.1.txz openssl-solibs-1.0.1s-i486-1_slack14.1.txz
Then, reboot the machine or restart any network services that use OpenSSL.
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.952 High
EPSS
Percentile
99.3%