[SSA:2009-320-01] openssl
New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,
and -current to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
Here are the details from the Slackware 13.0 ChangeLog
patches/packages/openssl-0.9.8k-i486-3_slack13.0.txz: Rebuilt.
Patched to disable SSL renegotiation.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
(* Security fix *)
patches/packages/openssl-solibs-0.9.8k-i486-3_slack13.0.txz: Rebuilt.
Patched to disable SSL renegotiation.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
(* Security fix *)
Where to find the new packages
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8h-i486-4_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-solibs-0.9.8h-i486-4_slack11.0.tgz
Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-0.9.8h-i486-4_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-solibs-0.9.8h-i486-4_slack12.0.tgz
Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-0.9.8h-i486-4_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-solibs-0.9.8h-i486-4_slack12.1.tgz
Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-0.9.8i-i486-4_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-solibs-0.9.8i-i486-4_slack12.2.tgz
Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8k-i486-3_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8k-i486-3_slack13.0.txz
Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8k-x86_64-3_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8k-x86_64-3_slack13.0.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.8l-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.8l-i486-1.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-0.9.8l-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-0.9.8l-x86_64-1.txz
MD5 signatures
Slackware 11.0 packages:
662fa4e1a24aba53e5a05850b27d5c16 openssl-0.9.8h-i486-4_slack11.0.tgz
b08b28f848b64df600a958268dd6a350 openssl-solibs-0.9.8h-i486-4_slack11.0.tgz
Slackware 12.0 packages:
6cdad3839394c5d81f56b7812f38e1d2 openssl-0.9.8h-i486-4_slack12.0.tgz
cd44b602ada795dd60c2e0a5b113a235 openssl-solibs-0.9.8h-i486-4_slack12.0.tgz
Slackware 12.1 packages:
f07db73dcfc7d0f09796199591805685 openssl-0.9.8h-i486-4_slack12.1.tgz
8ad915a9a85bf049da8593f3966fa155 openssl-solibs-0.9.8h-i486-4_slack12.1.tgz
Slackware 12.2 packages:
71e904cdd763254146c3d17cb67dabd9 openssl-0.9.8i-i486-4_slack12.2.tgz
3350b268966c39f884df46b839cbc216 openssl-solibs-0.9.8i-i486-4_slack12.2.tgz
Slackware 13.0 packages:
bf569bd9e2b6f6d12feb9926a2f4228c openssl-0.9.8k-i486-3_slack13.0.txz
e9042a6460ee448bcb32dee4f090be74 openssl-solibs-0.9.8k-i486-3_slack13.0.txz
Slackware x86_64 13.0 packages:
068a889c7120f569be44e7ffde9169d1 openssl-0.9.8k-x86_64-3_slack13.0.txz
7602b43d1e51a121e1f4a33919be48bf openssl-solibs-0.9.8k-x86_64-3_slack13.0.txz
Slackware -current packages:
98f992b68c19070a6edeb0d4a6a0f559 openssl-solibs-0.9.8l-i486-1.txz
Slackware x86_64 -current packages:
c62ac6d683a8ed6f94da8c7555810d81 openssl-solibs-0.9.8l-x86_64-1.txz
Installation instructions
Upgrade the packages as root:
# upgradepkg openssl-0.9.8k-i486-3_slack13.0.txz openssl-solibs-0.9.8k-i486-3_slack13.0.txz
- ID
- SSA:2009-320-01
- Severity
- medium
- Severity from
- CVE-2009-3555
- URL
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446
- Published
-
2009-11-16T21:42:36
(15 years ago) - Modified
-
2009-11-16T21:42:36
(15 years ago) - Rights
- Slackware Linux Security Team
- Other Advisories
-
- CISCO-SA-20091105-CVE-2009-3555
- CISCO-SA-20091109-TLS
- DSA-3253-1
- ELSA-2009-1579
- ELSA-2010-0162
- ELSA-2010-0164
- ELSA-2010-0165
- ELSA-2010-0166
- ELSA-2010-0339
- ELSA-2010-0768
- FEDORA-2009-12229
- FEDORA-2009-12305
- FEDORA-2009-12604
- FEDORA-2009-12606
- FEDORA-2009-12747
- FEDORA-2009-12750
- FEDORA-2009-12775
- FEDORA-2009-12782
- FEDORA-2009-12968
- FEDORA-2009-13236
- FEDORA-2009-13250
- FEDORA-2010-1127
- FEDORA-2010-15989
- FEDORA-2010-16240
- FEDORA-2010-16294
- FEDORA-2010-16312
- FEDORA-2010-17220
- FEDORA-2010-17826
- FEDORA-2010-3905
- FEDORA-2010-3929
- FEDORA-2010-3956
- FEDORA-2010-5357
- FEDORA-2010-5942
- FEDORA-2010-6025
- FEDORA-2010-6039
- FEDORA-2010-6055
- FEDORA-2010-6131
- FEDORA-2010-6279
- FEDORA-2010-8742
- FEDORA-2010-9421
- FEDORA-2010-9487
- FEDORA-2010-9518
- FEDORA-2010-9639
- FREEBSD:9CCFEE39-3C3B-11DF-9EDC-000F20797EDE
- GLSA-200912-01
- GLSA-201006-18
- GLSA-201110-05
- GLSA-201203-22
- GLSA-201206-18
- GLSA-201301-01
- GLSA-201309-15
- GLSA-201311-13
- GLSA-201406-32
- MAVEN:GHSA-F7W7-6PJC-WWM6
- NGINX:CVE-2009-3555
- RHSA-2010:0865
- RHSA-2010:0987
- SECADV-20091105-1
- SSA:2010-067-01
- USN-1010-1
- USN-860-1
- USN-923-1
- USN-927-1
- USN-927-4
- USN-927-6
- USN-990-1
- USN-990-2
- VU:120541
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:slackbuild/slackware/openssl?arch=x86_64&distro=slackware64-current | slackware | openssl | < 0.9.8l | slackware64-current | x86_64 | |
Affected | pkg:slackbuild/slackware/openssl?arch=x86_64&distro=slackware64-13.0 | slackware | openssl | < 0.9.8k | slackware64-13.0 | x86_64 | |
Affected | pkg:slackbuild/slackware/openssl?arch=i486&distro=slackware-current | slackware | openssl | < 0.9.8l | slackware-current | i486 | |
Affected | pkg:slackbuild/slackware/openssl?arch=i486&distro=slackware-13.0 | slackware | openssl | < 0.9.8k | slackware-13.0 | i486 | |
Affected | pkg:slackbuild/slackware/openssl?arch=i486&distro=slackware-12.2 | slackware | openssl | < 0.9.8i | slackware-12.2 | i486 | |
Affected | pkg:slackbuild/slackware/openssl?arch=i486&distro=slackware-12.1 | slackware | openssl | < 0.9.8h | slackware-12.1 | i486 | |
Affected | pkg:slackbuild/slackware/openssl?arch=i486&distro=slackware-12.0 | slackware | openssl | < 0.9.8h | slackware-12.0 | i486 | |
Affected | pkg:slackbuild/slackware/openssl?arch=i486&distro=slackware-11.0 | slackware | openssl | < 0.9.8h | slackware-11.0 | i486 | |
Affected | pkg:slackbuild/slackware/openssl-solibs?arch=x86_64&distro=slackware64-current | slackware | openssl-solibs | < 0.9.8l | slackware64-current | x86_64 | |
Affected | pkg:slackbuild/slackware/openssl-solibs?arch=x86_64&distro=slackware64-13.0 | slackware | openssl-solibs | < 0.9.8k | slackware64-13.0 | x86_64 | |
Affected | pkg:slackbuild/slackware/openssl-solibs?arch=i486&distro=slackware-current | slackware | openssl-solibs | < 0.9.8l | slackware-current | i486 | |
Affected | pkg:slackbuild/slackware/openssl-solibs?arch=i486&distro=slackware-13.0 | slackware | openssl-solibs | < 0.9.8k | slackware-13.0 | i486 | |
Affected | pkg:slackbuild/slackware/openssl-solibs?arch=i486&distro=slackware-12.2 | slackware | openssl-solibs | < 0.9.8i | slackware-12.2 | i486 | |
Affected | pkg:slackbuild/slackware/openssl-solibs?arch=i486&distro=slackware-12.1 | slackware | openssl-solibs | < 0.9.8h | slackware-12.1 | i486 | |
Affected | pkg:slackbuild/slackware/openssl-solibs?arch=i486&distro=slackware-12.0 | slackware | openssl-solibs | < 0.9.8h | slackware-12.0 | i486 | |
Affected | pkg:slackbuild/slackware/openssl-solibs?arch=i486&distro=slackware-11.0 | slackware | openssl-solibs | < 0.9.8h | slackware-11.0 | i486 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |