exploit the possibilities

Slackware Security Advisory - openssl Updates

Slackware Security Advisory - openssl Updates
Posted Jul 10, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-1793
MD5 | 944acb9b8971711466b80206b6725921

Slackware Security Advisory - openssl Updates

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssl (SSA:2015-190-01)

New openssl packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1p-i486-1_slack14.1.txz: Upgraded.
This update fixes the following security issue:
Alternative chains certificate forgery (CVE-2015-1793).
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a
valid leaf certificate to act as a CA and "issue" an invalid certificate.
This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.
This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David
Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project.
For more information, see:
https://openssl.org/news/secadv_20150709.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793
(* Security fix *)
patches/packages/openssl-solibs-1.0.1p-i486-1_slack14.1.txz: Upgraded.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1p-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1p-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1p-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1p-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1p-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1p-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1p-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1p-x86_64-1_slack14.1.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1p-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1p-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1p-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1p-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.0 packages:
a77913257d9e4d9f0b143e7c2bf829d3 openssl-1.0.1p-i486-1_slack14.0.txz
9d778b2df5c01be05c5133d3c420a216 openssl-solibs-1.0.1p-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages:
1423b29d8621434363fcd92480544d19 openssl-1.0.1p-x86_64-1_slack14.0.txz
e510fd37b65ab9b585f505c3b8925755 openssl-solibs-1.0.1p-x86_64-1_slack14.0.txz

Slackware 14.1 packages:
483c52a8f52243486db12c6a85e59ad3 openssl-1.0.1p-i486-1_slack14.1.txz
a2704397b9eabd509336dedfe1b51ff3 openssl-solibs-1.0.1p-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages:
2a4b0b930a7513a24a719f9996c3cd5d openssl-1.0.1p-x86_64-1_slack14.1.txz
3414a0e114c93ac4352938f182df5180 openssl-solibs-1.0.1p-x86_64-1_slack14.1.txz

Slackware -current packages:
a867679d8f4a29a7b206930840d8c92f a/openssl-solibs-1.0.1p-i586-1.txz
1e28db3e77d547ef338c7116cf8d415f n/openssl-1.0.1p-i586-1.txz

Slackware x86_64 -current packages:
f53454dd43f9d3206db58b9cd8b4e53e a/openssl-solibs-1.0.1p-x86_64-1.txz
4433713b6723a0715dc60d1254ee2ca3 n/openssl-1.0.1p-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg openssl-1.0.1p-i486-1_slack14.1.txz openssl-solibs-1.0.1p-i486-1_slack14.1.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlWev7AACgkQakRjwEAQIjPrkACeIsFq4s2VpOM2+MdDvYYd8ZCG
E6kAn16/wtAGCwnLPlsLBP5rjOwteURt
=a8sE
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    2 Files
  • 18
    Feb 18th
    27 Files
  • 19
    Feb 19th
    32 Files
  • 20
    Feb 20th
    7 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close