Slackware Linux ProjectSSA-2017-342-01[slackware-security] openssl
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.946 High
EPSS
Percentile
99.2%
New openssl packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/openssl-1.0.2n-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
Read/write after SSL object in error state
rsaz_1024_mul_avx2 overflow bug on x86_64
For more information, see:
https://www.openssl.org/news/secadv/20171207.txt
https://vulners.com/cve/CVE-2017-3737
https://vulners.com/cve/CVE-2017-3738
(* Security fix *)
patches/packages/openssl-solibs-1.0.2n-i586-1_slack14.2.txz: Upgraded.
Where to find the new packages:
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-2_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-2_slack13.0.txz
Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-2_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-2_slack13.0.txz
Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-2_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-2_slack13.1.txz
Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-2_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-2_slack13.1.txz
Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-2_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-2_slack13.37.txz
Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-2_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-2_slack13.37.txz
Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz
Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2n-i586-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2n-i586-1_slack14.2.txz
Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2n-x86_64-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2n-x86_64-1_slack14.2.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2n-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2n-i586-1.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2n-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2n-x86_64-1.txz
MD5 signatures:
Slackware 13.0 packages:
644fbae107aa826aeb955cec011af852 openssl-0.9.8zh-i486-2_slack13.0.txz
6fa3075d061664f5bbe3d8de9e2bf368 openssl-solibs-0.9.8zh-i486-2_slack13.0.txz
Slackware x86_64 13.0 packages:
b53745715746f9dbef4a38dd8da03c94 openssl-0.9.8zh-x86_64-2_slack13.0.txz
5976e4f969f6adc2b43ba1592a52d5ba openssl-solibs-0.9.8zh-x86_64-2_slack13.0.txz
Slackware 13.1 packages:
e0608c002b708abaf2f5ceee4e4b155d openssl-0.9.8zh-i486-2_slack13.1.txz
cac0d5ccba2dccd979284f2051dab525 openssl-solibs-0.9.8zh-i486-2_slack13.1.txz
Slackware x86_64 13.1 packages:
01510ab2aab397be93e4bfdd04315bd0 openssl-0.9.8zh-x86_64-2_slack13.1.txz
0be1f99d5391cbc3b15dcd4371cb621a openssl-solibs-0.9.8zh-x86_64-2_slack13.1.txz
Slackware 13.37 packages:
c1c1d0a8483d4218fdd29ce1b2eb9e63 openssl-0.9.8zh-i486-2_slack13.37.txz
34ee96116c28ef08fbc08ab70b14f5a9 openssl-solibs-0.9.8zh-i486-2_slack13.37.txz
Slackware x86_64 13.37 packages:
32dadc44ba5dbd7621023e8fec1e3069 openssl-0.9.8zh-x86_64-2_slack13.37.txz
2f0205cfba8228e3d1980cef54d8668b openssl-solibs-0.9.8zh-x86_64-2_slack13.37.txz
Slackware 14.0 packages:
e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz
c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages:
96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz
b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz
Slackware 14.1 packages:
099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz
b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages:
fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz
e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz
Slackware 14.2 packages:
e03fab49e9d967c5612484d919dd0268 openssl-1.0.2n-i586-1_slack14.2.txz
08747665f462b8f8c2832853e38e1e6f openssl-solibs-1.0.2n-i586-1_slack14.2.txz
Slackware x86_64 14.2 packages:
b3a50ce9b6e6d449a8169e95d0a9612d openssl-1.0.2n-x86_64-1_slack14.2.txz
c802bcfdfc5ff50f4ff8f9d3854201a6 openssl-solibs-1.0.2n-x86_64-1_slack14.2.txz
Slackware -current packages:
94858e542e5e174cddd6ebc2f8901dfe a/openssl-solibs-1.0.2n-i586-1.txz
e74abd2caa67240856cbe198051739db n/openssl-1.0.2n-i586-1.txz
Slackware x86_64 -current packages:
708ff8cacfe797d28cb93e537ab7d4ee a/openssl-solibs-1.0.2n-x86_64-1.txz
ed92a17a9345cfd0fbe7dc2f83eade22 n/openssl-1.0.2n-x86_64-1.txz
Installation instructions:
Upgrade the packages as root:
> upgradepkg openssl-1.0.2n-i586-1_slack14.2.txz openssl-solibs-1.0.2n-i586-1_slack14.2.txz
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.946 High
EPSS
Percentile
99.2%