Lucene search

Slackware Linux ProjectSSA-2022-076-02

HistoryMar 17, 2022 - 7:59 p.m.

[slackware-security] openssl

2022-03-1719:59:07

Slackware Linux Project

www.slackware.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.9%

JSON

New openssl packages are available for Slackware 14.2, 15.0, and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/openssl-1.1.1n-i586-1_slack15.0.txz: Upgraded.
This update fixes a high severity security issue:
The BN_mod_sqrt() function, which computes a modular square root, contains
a bug that can cause it to loop forever for non-prime moduli.
For more information, see:
https://www.openssl.org/news/secadv/20220315.txt
https://vulners.com/cve/CVE-2022-0778
(* Security fix *)
patches/packages/openssl-solibs-1.1.1n-i586-1_slack15.0.txz: Upgraded.

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2u-i586-2_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2u-i586-2_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2u-x86_64-2_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2u-x86_64-2_slack14.2.txz

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-1.1.1n-i586-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-solibs-1.1.1n-i586-1_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-1.1.1n-x86_64-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-solibs-1.1.1n-x86_64-1_slack15.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1n-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1n-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1n-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1n-x86_64-1.txz

MD5 signatures:

Slackware 15.0 packages:
081b29bfc577b0f4d3c15bc01e355c41 openssl-1.1.1n-i586-1_slack15.0.txz
b380040566a7563ffee501c918ca58a7 openssl-solibs-1.1.1n-i586-1_slack15.0.txz

Slackware x86_64 15.0 packages:
1c7d523455958c10391cadaf5f44feda openssl-1.1.1n-x86_64-1_slack15.0.txz
f868ef8099f24a5a0c9fd6db35a66aa7 openssl-solibs-1.1.1n-x86_64-1_slack15.0.txz

Slackware -current packages:
d81d43ea76f048ed55010d20424c0fbb a/openssl-solibs-1.1.1n-i586-1.txz
145d92a9f13a07135f6a6c2cd502f40c n/openssl-1.1.1n-i586-1.txz

Slackware x86_64 -current packages:
725895720f07474a70b5ec48f6fe9351 a/openssl-solibs-1.1.1n-x86_64-1.txz
ab4a31f56bfeeca2ebc3c9ceaf39e604 n/openssl-1.1.1n-x86_64-1.txz

Installation instructions:

Upgrade the packages as root:
> upgradepkg openssl-1.1.1n-i586-1_slack15.0.txz openssl-solibs-1.1.1n-i586-1_slack15.0.txz

OSVersionArchitecturePackageVersionFilename
Slackware14.2i586openssl< 1.0.2uopenssl-1.0.2u-i586-2_slack14.2.txz
Slackware14.2i586openssl-solibs< 1.0.2uopenssl-solibs-1.0.2u-i586-2_slack14.2.txz
Slackware14.2x86_64openssl< 1.0.2uopenssl-1.0.2u-x86_64-2_slack14.2.txz
Slackware14.2x86_64openssl-solibs< 1.0.2uopenssl-solibs-1.0.2u-x86_64-2_slack14.2.txz
Slackware15.0i586openssl< 1.1.1nopenssl-1.1.1n-i586-1_slack15.0.txz
Slackware15.0i586openssl-solibs< 1.1.1nopenssl-solibs-1.1.1n-i586-1_slack15.0.txz
Slackware15.0x86_64openssl< 1.1.1nopenssl-1.1.1n-x86_64-1_slack15.0.txz
Slackware15.0x86_64openssl-solibs< 1.1.1nopenssl-solibs-1.1.1n-x86_64-1_slack15.0.txz
Slackwarecurrenti586openssl-solibs< 1.1.1nopenssl-solibs-1.1.1n-i586-1.txz
Slackwarecurrenti586openssl< 1.1.1nopenssl-1.1.1n-i586-1.txz

OS	Version	Architecture	Package	Version	Filename
Slackware	14.2	i586	openssl	< 1.0.2u	openssl-1.0.2u-i586-2_slack14.2.txz
Slackware	14.2	i586	openssl-solibs	< 1.0.2u	openssl-solibs-1.0.2u-i586-2_slack14.2.txz
Slackware	14.2	x86_64	openssl	< 1.0.2u	openssl-1.0.2u-x86_64-2_slack14.2.txz
Slackware	14.2	x86_64	openssl-solibs	< 1.0.2u	openssl-solibs-1.0.2u-x86_64-2_slack14.2.txz
Slackware	15.0	i586	openssl	< 1.1.1n	openssl-1.1.1n-i586-1_slack15.0.txz
Slackware	15.0	i586	openssl-solibs	< 1.1.1n	openssl-solibs-1.1.1n-i586-1_slack15.0.txz
Slackware	15.0	x86_64	openssl	< 1.1.1n	openssl-1.1.1n-x86_64-1_slack15.0.txz
Slackware	15.0	x86_64	openssl-solibs	< 1.1.1n	openssl-solibs-1.1.1n-x86_64-1_slack15.0.txz
Slackware	current	i586	openssl-solibs	< 1.1.1n	openssl-solibs-1.1.1n-i586-1.txz
Slackware	current	i586	openssl	< 1.1.1n	openssl-1.1.1n-i586-1.txz