The Slackware Linux Project: Mailing List Info

Mailing List Info

News
Security Advisories
FAQ
Book
General Info
Get Slack
Install Help
Configuration
Packages
ChangeLogs
Propaganda
Ports
Other Sites
Support
Contact

Mailing Lists
Archives

About

From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] openssl (SSA:2009-098-01)
Date: Tue, 7 Apr 2009 23:29:36 -0700 (PDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  openssl (SSA:2009-098-01)

New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2,
and -current to fix security issues.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0591
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590


Here are the details from the Slackware 12.2 ChangeLog:
+--------------------------+
patches/packages/openssl-0.9.8h-i486-3_slack12.0.tgz:  Patched (see below).
patches/packages/openssl-solibs-0.9.8h-i486-3_slack12.0.tgz:
  Patched to fix possible crashes as well as a (fairly unlikely) case
  where an invalid signature might verify as valid.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0591
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8h-i486-3_slack11.0.tgz openssl-solibs-0.9.8h-i486-3_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-0.9.8h-i486-3_slack12.0.tgz openssl-solibs-0.9.8h-i486-3_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-0.9.8h-i486-3_slack12.1.tgz openssl-solibs-0.9.8h-i486-3_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-0.9.8i-i486-3_slack12.2.tgz openssl-solibs-0.9.8i-i486-3_slack12.2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.8k-i486-1.tgz n/openssl-0.9.8k-i486-1.tgz


MD5 signatures:
+-------------+

Slackware 11.0 packages:
e44ec3cba02b75d0a9a2eaa3497cacdd  openssl-0.9.8h-i486-3_slack11.0.tgz
58d2055da525dbce5b311c2b40fad7dc  openssl-solibs-0.9.8h-i486-3_slack11.0.tgz

Slackware 12.0 packages:
5784077250604b326baa2a34f6ead905  openssl-0.9.8h-i486-3_slack12.0.tgz
60b6ed4db2f76634abeab1a99b90cd87  openssl-solibs-0.9.8h-i486-3_slack12.0.tgz

Slackware 12.1 packages:
c83b32d650ade46c3fd162c11fa749fb  openssl-0.9.8h-i486-3_slack12.1.tgz
abda6caa9130093004dd87e093d4a93f  openssl-solibs-0.9.8h-i486-3_slack12.1.tgz

Slackware 12.2 packages:
c910652909f75aa654dfb2835e474edf  openssl-0.9.8i-i486-3_slack12.2.tgz
1acff931e71bddeed83a7ee4726286fa  openssl-solibs-0.9.8i-i486-3_slack12.2.tgz

Slackware -current packages:
b90377904539671507c04168172c4c6c  openssl-solibs-0.9.8k-i486-1.tgz
a43244be109e42168f251f04cef10dd6  openssl-0.9.8k-i486-1.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg openssl-0.9.8i-i486-3_slack12.2.tgz openssl-solibs-0.9.8i-i486-3_slack12.2.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkncPn0ACgkQakRjwEAQIjPlUQCbB10euIPIV963mRXpE8336jKh
zUYAn1gtnW4Ferdk2gDsZcS64YlTw8hf
=SdTc
-----END PGP SIGNATURE-----

Slackware™ is a trademark of Patrick Volkerding.