The Slackware Linux Project: Mailing List Info

Mailing List Info

News
Security Advisories
FAQ
Book
General Info
Get Slack
Install Help
Configuration
Packages
ChangeLogs
Propaganda
Ports
Other Sites
Support
Contact

Mailing Lists
Archives

About

From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] openssl (slackware 14.2) (SSA:2019-057-01)
Date: Tue, 26 Feb 2019 20:12:59 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  openssl (slackware 14.2) (SSA:2019-057-01)

New openssl packages are available for Slackware 14.2 to fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2r-i586-1_slack14.2.txz:  Upgraded.
  Go into the error state if a fatal alert is sent or received. If an
  application calls SSL_shutdown after a fatal alert has occured and
  then behaves different based on error codes from that function then
  the application may be vulnerable to a padding oracle.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559
  (* Security fix *)
patches/packages/openssl-solibs-1.0.2r-i586-1_slack14.2.txz:  Upgraded.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2r-i586-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2r-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2r-x86_64-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2r-x86_64-1_slack14.2.txz


MD5 signatures:
+-------------+

Slackware 14.2 packages:
b23a71963648d515630497f203eefab8  openssl-1.0.2r-i586-1_slack14.2.txz
8b04a9be9b78052791f02428be44a639  openssl-solibs-1.0.2r-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages:
c183c2ad507a65020f13c0dc154c0b11  openssl-1.0.2r-x86_64-1_slack14.2.txz
d656915855edd6365636ac558b8180cb  openssl-solibs-1.0.2r-x86_64-1_slack14.2.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg openssl-1.0.2r-i586-1_slack14.2.txz openssl-solibs-1.0.2r-i586-1_slack14.2.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlx2ACMACgkQakRjwEAQIjNDIQCeN1wsYRv73UH6Q44elCJEJLQy
SccAnj82EToKk7ZBCVf0JwaQVqIhPHtr
=fp1N
-----END PGP SIGNATURE-----

Slackware™ is a trademark of Patrick Volkerding.