Hi folks!  The last attempt at mailing this was converted by Alpine when it
saw some ISO-8859 characters, mangling the headers and causing the GPG
signature to fail.  Hopefully this try will work.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  openssl (SSA:2013-040-01)

New openssl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1d-i486-1_slack14.0.txz:  Upgraded.
    Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
  This addresses the flaw in CBC record processing discovered by
  Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
  at:   Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
  Security Group at Royal Holloway, University of London
  (https://www.royalholloway.ac.uk/research-and-teaching/departments-and-schools/information-security/) for discovering this flaw and Adam Langley and
  Emilia K?sper for the initial patch.
  (CVE-2013-0169)
  [Emilia K?sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
    Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
  ciphersuites which can be exploited in a denial of service attack.
  Thanks go to and to Adam Langley  for discovering
  and detecting this bug and to Wolfgang Ettlinger
   for independently discovering this issue.
  (CVE-2012-2686)
  [Adam Langley]
    Return an error when checking OCSP signatures when key is NULL.
  This fixes a DoS attack. (CVE-2013-0166)
  [Steve Henson]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2686
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1d-i486-1_slack14.0.txz:  Upgraded.
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-0.9.8y-i486-1_slack12.1.tgz

Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-0.9.8y-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-solibs-0.9.8y-i486-1_slack12.2.tgz

Updated packages for Slackware 13.0:

Updated packages for Slackware x86_64 13.0:

Updated packages for Slackware 13.1:

Updated packages for Slackware x86_64 13.1:

Updated packages for Slackware 13.37:

Updated packages for Slackware x86_64 13.37:

Updated packages for Slackware 14.0:

Updated packages for Slackware x86_64 14.0:

Updated packages for Slackware -current:

Updated packages for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 12.1 packages:
5193bca00070ccac309ea3384e67a657  openssl-0.9.8y-i486-1_slack12.1.tgz
76fb6bede444b059e575777092c78575  openssl-solibs-0.9.8y-i486-1_slack12.1.tgz

Slackware 12.2 packages:
5a3167936ba69442a795ed62f1ec29b2  openssl-0.9.8y-i486-1_slack12.2.tgz
ed20f551e0912a5f708da9a3c4d7ac5e  openssl-solibs-0.9.8y-i486-1_slack12.2.tgz

Slackware 13.0 packages:
f059432e11a6b17643e7b8f1d78c5ce3  openssl-0.9.8y-i486-1_slack13.0.txz
46c623b2e58053d308b3d9eb735be26b  openssl-solibs-0.9.8y-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages:
4fb6f07f85ec4ea26cc67d8b1c037fa9  openssl-0.9.8y-x86_64-1_slack13.0.txz
55bafd74f182806b1dcd076f31683743  openssl-solibs-0.9.8y-x86_64-1_slack13.0.txz

Slackware 13.1 packages:
9713a64881622c63d0756ec9a5914980  openssl-0.9.8y-i486-1_slack13.1.txz
5d8e3984389bd080bc37b9d1276c7a7d  openssl-solibs-0.9.8y-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages:
821c76387f3ffa388af9e5bf81185758  openssl-0.9.8y-x86_64-1_slack13.1.txz
b6d525a53b4cda641166f19ee70a9650  openssl-solibs-0.9.8y-x86_64-1_slack13.1.txz

Slackware 13.37 packages:
5195be05b85f5eb2bd4bf9ebf0a73ff9  openssl-0.9.8y-i486-1_slack13.37.txz
5248a839148fa91de52361335dc051f5  openssl-solibs-0.9.8y-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages:
15e13676d0def5f0dac1e7a4704e0016  openssl-0.9.8y-x86_64-1_slack13.37.txz
d4e5bd308d2e918c6bd7616343370c49  openssl-solibs-0.9.8y-x86_64-1_slack13.37.txz

Slackware 14.0 packages:
736ca80a05b57a6f9bf2821405757466  openssl-1.0.1d-i486-1_slack14.0.txz
32aba4ad2fb26b5fb38fc4e5016dbc0f  openssl-solibs-1.0.1d-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages:
8c227f3b54e4650971e965d64d99713b  openssl-1.0.1d-x86_64-1_slack14.0.txz
6dbd931a3718de68d42f20db99c4f578  openssl-solibs-1.0.1d-x86_64-1_slack14.0.txz

Slackware -current packages:
9a8de5df0464c0c9e2032edba2ffbd61  a/openssl-solibs-1.0.1d-i486-1.txz
b4a36988d1c355041d2179d5f7190c92  n/openssl-1.0.1d-i486-1.txz

Slackware x86_64 -current packages:
35e1b575b406bc8a646f620467d4a27d  a/openssl-solibs-1.0.1d-x86_64-1.txz
063e0baf782651bdcab8c56f30df651d  n/openssl-1.0.1d-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg openssl-1.0.1d-i486-1_slack14.0.txz openssl-solibs-1.0.1d-i486-1_slack14.0.txz


+-----+

Slackware: 2013-040-01: openssl Security Update

February 10, 2013
New openssl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues

Summary

Here are the details from the Slackware 14.0 ChangeLog: patches/packages/openssl-1.0.1d-i486-1_slack14.0.txz: Upgraded. Make the decoding of SSLv3, TLS and DTLS CBC records constant time. This addresses the flaw in CBC record processing discovered by Nadhem Alfardan and Kenny Paterson. Details of this attack can be found at: Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (https://www.royalholloway.ac.uk/research-and-teaching/departments-and-schools/information-security/) for discovering this flaw and Adam Langley and Emilia K?sper for the initial patch. (CVE-2013-0169) [Emilia K?sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode ciphersuites which can be exploited in a denial of service attack. Thanks go to and to Adam Langley for discovering and detecting this bug and to Wolfgang Ettlinger for independently discovering this issue. (CVE-2012-2686) [Adam Langley] Return an error when checking OCSP signatures when key is NULL. This fixes a DoS attack. (CVE-2013-0166) [Steve Henson] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2686 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169 (* Security fix *) patches/packages/openssl-solibs-1.0.1d-i486-1_slack14.0.txz: Upgraded. (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-0.9.8y-i486-1_slack12.1.tgz
Updated packages for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-0.9.8y-i486-1_slack12.2.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-solibs-0.9.8y-i486-1_slack12.2.tgz
Updated packages for Slackware 13.0:
Updated packages for Slackware x86_64 13.0:
Updated packages for Slackware 13.1:
Updated packages for Slackware x86_64 13.1:
Updated packages for Slackware 13.37:
Updated packages for Slackware x86_64 13.37:
Updated packages for Slackware 14.0:
Updated packages for Slackware x86_64 14.0:
Updated packages for Slackware -current:
Updated packages for Slackware x86_64 -current:

MD5 Signatures

Slackware 12.1 packages: 5193bca00070ccac309ea3384e67a657 openssl-0.9.8y-i486-1_slack12.1.tgz 76fb6bede444b059e575777092c78575 openssl-solibs-0.9.8y-i486-1_slack12.1.tgz
Slackware 12.2 packages: 5a3167936ba69442a795ed62f1ec29b2 openssl-0.9.8y-i486-1_slack12.2.tgz ed20f551e0912a5f708da9a3c4d7ac5e openssl-solibs-0.9.8y-i486-1_slack12.2.tgz
Slackware 13.0 packages: f059432e11a6b17643e7b8f1d78c5ce3 openssl-0.9.8y-i486-1_slack13.0.txz 46c623b2e58053d308b3d9eb735be26b openssl-solibs-0.9.8y-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 4fb6f07f85ec4ea26cc67d8b1c037fa9 openssl-0.9.8y-x86_64-1_slack13.0.txz 55bafd74f182806b1dcd076f31683743 openssl-solibs-0.9.8y-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 9713a64881622c63d0756ec9a5914980 openssl-0.9.8y-i486-1_slack13.1.txz 5d8e3984389bd080bc37b9d1276c7a7d openssl-solibs-0.9.8y-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: 821c76387f3ffa388af9e5bf81185758 openssl-0.9.8y-x86_64-1_slack13.1.txz b6d525a53b4cda641166f19ee70a9650 openssl-solibs-0.9.8y-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 5195be05b85f5eb2bd4bf9ebf0a73ff9 openssl-0.9.8y-i486-1_slack13.37.txz 5248a839148fa91de52361335dc051f5 openssl-solibs-0.9.8y-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 15e13676d0def5f0dac1e7a4704e0016 openssl-0.9.8y-x86_64-1_slack13.37.txz d4e5bd308d2e918c6bd7616343370c49 openssl-solibs-0.9.8y-x86_64-1_slack13.37.txz
Slackware 14.0 packages: 736ca80a05b57a6f9bf2821405757466 openssl-1.0.1d-i486-1_slack14.0.txz 32aba4ad2fb26b5fb38fc4e5016dbc0f openssl-solibs-1.0.1d-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 8c227f3b54e4650971e965d64d99713b openssl-1.0.1d-x86_64-1_slack14.0.txz 6dbd931a3718de68d42f20db99c4f578 openssl-solibs-1.0.1d-x86_64-1_slack14.0.txz
Slackware -current packages: 9a8de5df0464c0c9e2032edba2ffbd61 a/openssl-solibs-1.0.1d-i486-1.txz b4a36988d1c355041d2179d5f7190c92 n/openssl-1.0.1d-i486-1.txz
Slackware x86_64 -current packages: 35e1b575b406bc8a646f620467d4a27d a/openssl-solibs-1.0.1d-x86_64-1.txz 063e0baf782651bdcab8c56f30df651d n/openssl-1.0.1d-x86_64-1.txz

Severity
Hi folks! The last attempt at mailing this was converted by Alpine when it saw some ISO-8859 characters, mangling the headers and causing the GPG signature to fail. Hopefully this try will work.
[slackware-security] openssl (SSA:2013-040-01)
New openssl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg openssl-1.0.1d-i486-1_slack14.0.txz openssl-solibs-1.0.1d-i486-1_slack14.0.txz

Related News

Google Releases Chrome 130 with Critical Security Fixes for 17 Flaws
3 - 5 min read
Google recently unveiled Chrome 130 , an update that addresses several security vulnerabilities to ensure the web browser's safety and reliability.
U.S. Investigation into China-Backed Telecom Companies Hack: The Role & Risks of Encryption Backdoors
3 - 5 min read
U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies.
FASTCash Linux Malware: A New Cybercrime Menace Targeting Payment Switch Systems
3 - 5 min read
As malware threats evolve to increasingly target Linux systems, admins and organizations must stay up-to-date on the latest Linux malware variants
Optimizing CWPP on Linux Servers: Best Practices and Configurations
3 - 6 min read
Cloud Workload Protection Platforms are now essential for securing virtual environments. These provide a robust security layer vital for addressing
The Infiltration of Supply Chain Attacks in Open-Source Software Management
3 - 6 min read
Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them
Strengthen Your Linux Software Development Pipeline with Code Security Scanners
3 - 6 min read
Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, thus necessitating robust security
Everything You Need to Know About Cloud Security Posture Management
3 - 5 min read
Many companies are transitioning from physical servers to cloud operations, but this transformation brings new challenges. Cloud Security Posture
Understanding the Critical Oath-Toolkit Vulnerability and Its Implications for Admins
3 - 5 min read
As Linux security threats advance and evolve, vulnerabilities often surface unexpectedly, exposing systems to potential exploitation. SUSE

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved