Slackware Linux ProjectSSA-2024-199-01[slackware-security] openssl
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
Low
New openssl packages are available for Slackware 15.0 and -current to
fix security issues.
Here are the details from the Slackware 15.0 ChangeLog:
patches/packages/openssl-1.1.1za-i586-1_slack15.0.txz: Upgraded.
Apply patches to fix CVEs that were fixed by the 1.1.1{x,y,za} releases that
were only available to subscribers to OpenSSL’s premium extended support.
These patches were prepared by backporting commits from the OpenSSL-3.0 repo.
The reported version number has been updated so that vulnerability scanners
calm down. All of these issues were considered to be of low severity.
Thanks to Ken Zalewski for the patches!
For more information, see:
https://vulners.com/cve/CVE-2023-5678
https://vulners.com/cve/CVE-2024-0727
https://vulners.com/cve/CVE-2024-2511
https://vulners.com/cve/CVE-2024-4741
https://vulners.com/cve/CVE-2024-5535
(* Security fix *)
patches/packages/openssl-solibs-1.1.1za-i586-1_slack15.0.txz: Upgraded.
Where to find the new packages:
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-1.1.1za-i586-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-solibs-1.1.1za-i586-1_slack15.0.txz
Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-1.1.1za-x86_64-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-solibs-1.1.1za-x86_64-1_slack15.0.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl11-solibs-1.1.1za-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl11-1.1.1za-i586-1.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl11-solibs-1.1.1za-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl11-1.1.1za-x86_64-1.txz
MD5 signatures:
Slackware 15.0 packages:
17a7499e8c2dd1050edf5727e39fcb8a openssl-1.1.1za-i586-1_slack15.0.txz
b3a247626d8822a9bee0890f88bc675c openssl-solibs-1.1.1za-i586-1_slack15.0.txz
Slackware x86_64 15.0 packages:
745b28ea0b2aa0f47783d26aa68c20df openssl-1.1.1za-x86_64-1_slack15.0.txz
1af41bae8d09023bb3ceeb8711a057d8 openssl-solibs-1.1.1za-x86_64-1_slack15.0.txz
Slackware -current packages:
a074c2d960c70836a6d5cbe27d34bd7c a/openssl11-solibs-1.1.1za-i586-1.txz
6ab87d351559e2a1fe859de508c6925a n/openssl11-1.1.1za-i586-1.txz
Slackware x86_64 -current packages:
7a4ce9d3e3c250d91981f7149d2deb9d a/openssl11-solibs-1.1.1za-x86_64-1.txz
cd7509e6d6138daf5480a2936d759b75 n/openssl11-1.1.1za-x86_64-1.txz
Installation instructions:
Upgrade the packages as root:
> upgradepkg openssl-1.1.1za-i586-1_slack15.0.txz openssl-solibs-1.1.1za-i586-1_slack15.0.txz
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
Low