---

Home Security

Slackware Linux Advisory: OpenSSL

By

[slackware-security] OpenSSL security update
(SSA:2003-273-01)

Upgraded OpenSSL packages are available for Slackware 8.1, 9.0,
9.1, and -current. These fix problems with ASN.1 parsing which
could lead to a denial of service. It is not known whether the
problems could lead to the running of malicious code on the server,
but it has not been ruled out.

We recommend sites that use OpenSSL upgrade to the fixed
packages right away.

Here are the details from the Slackware 9.1 ChangeLog:

Tue Sep 30 16:16:35 PDT 2003
patches/packages/openssl-0.9.7c-i486-1.tgz: Upgraded to OpenSSL
0.9.7c. patches/packages/openssl-solibs-0.9.7c-i486-1.tgz: Upgraded
to OpenSSL 0.9.7c.
This update fixes problems with OpenSSL’s ASN.1 parsing which could
lead to a denial of service. It is not known whether the problems
could lead to the running of malicious code on the server, but it
has not been ruled out.
For detailed information, see OpenSSL’s security advisory:
http://www.openssl.org/news/secadv_20030930.txt

We recommend sites that use OpenSSL upgrade to the fixed packages
right away.
(* Security fix *)

WHERE TO FIND THE NEW PACKAGES:

Updated packages for Slackware 8.1:

ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-0.9.6k-i386-1.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-solibs-0.9.6k-i386-1.tgz

Updated packages for Slackware 9.0:

ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-0.9.7c-i386-1.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-solibs-0.9.7c-i386-1.tgz

Updated packages for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-0.9.7c-i486-1.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-solibs-0.9.7c-i486-1.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.7c-i486-1.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.7c-i486-1.tgz

MD5 SIGNATURES:

Slackware 8.1 packages:
b16847083943c529ff63a07331d1818f openssl-0.9.6k-i386-1.tgz/
a371561b0f2148149abc662d02b17381 openssl-solibs-0.9.6k-i386-1.tgz/

Slackware 9.0 packages:
1a45090e4e432884de48beae5dfae540 openssl-0.9.7c-i386-1.tgz/
04629d814bd468b0b9e4f7da3df92752 openssl-solibs-0.9.7c-i386-1.tgz/

Slackware 9.1 packages:
49dbc64a43633bedb3ff8e5be93e7c6a openssl-0.9.7c-i486-1.tgz/
7598ad83ffd12e5b8e34dcf60fb18e1d openssl-solibs-0.9.7c-i486-1.tgz/

Slackware -current packages:
49dbc64a43633bedb3ff8e5be93e7c6a openssl-0.9.7c-i486-1.tgz/
7598ad83ffd12e5b8e34dcf60fb18e1d openssl-solibs-0.9.7c-i486-1.tgz/

INSTALLATION INSTRUCTIONS:

Upgrade using upgradepkg (as root):
# upgradepkg openssl-0.9.7c-i486-1.tgz/
openssl-solibs-0.9.7c-i486-1.tgz/

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
[email protected]

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.