Slackware alert SSA:2005-286-01 (openssl)
| From: | Slackware Security Team <security@slackware.com> | |
| To: | slackware-security@slackware.com | |
| Subject: | [slackware-security] OpenSSL (SSA:2005-286-01) | |
| Date: | Thu, 13 Oct 2005 18:06:49 -0700 (PDT) |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] OpenSSL (SSA:2005-286-01) New OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. Under certain conditions, an attacker acting as a "man in the middle" may force a client and server to fall back to the less-secure SSL 2.0 protocol. More details about this issue may be found here: http://www.openssl.org/news/secadv_20051011.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969 Here are the details from the Slackware 10.2 ChangeLog: +--------------------------+ patches/packages/openssl-0.9.7g-i486-2.tgz: Patched. Fixed a vulnerability that could, in rare circumstances, allow an attacker acting as a "man in the middle" to force a client and a server to negotiate the SSL 2.0 protocol (which is known to be weak) even if these parties both support SSL 3.0 or TLS 1.0. For more details, see: http://www.openssl.org/news/secadv_20051011.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969 (* Security fix *) patches/packages/openssl-solibs-0.9.7g-i486-2.tgz: Patched. (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Updated packages for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patch... ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patch... Updated packages for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patch... ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patch... Updated packages for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patch... ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patch... Updated packages for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patc... ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patc... Updated packages for Slackware 10.1: ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patc... ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patc... Updated packages for Slackware 10.2: ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patc... ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patc... Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/s... ftp://ftp.slackware.com/pub/slackware/slackware-current/s... MD5 signatures: +-------------+ Slackware 8.1 packages: 233579e9b0f6acccb2a4de2328283bca openssl-0.9.6m-i386-2.tgz 47a01aeb5b8a8626759ed7679cab7994 openssl-solibs-0.9.6m-i386-2.tgz Slackware 9.0 packages: dc48ea28db265ac7d962f579b3af16e0 openssl-0.9.7d-i386-2.tgz 7fa49277ec5c2876d093f0946bc5a018 openssl-solibs-0.9.7d-i386-2.tgz Slackware 9.1 packages: e6f519e5e556e6a59cbe653a4306764e openssl-0.9.7d-i486-2.tgz e316aa71fe6711e05fe5bca27155ab11 openssl-solibs-0.9.7d-i486-2.tgz Slackware 10.0 packages: 3a0d650e1d6c78def45b807b16842d4f openssl-0.9.7d-i486-2.tgz 9c8576aaf5f30a5a443535220936d5bc openssl-solibs-0.9.7d-i486-2.tgz Slackware 10.1 packages: 31ac4c1e3bfea98c5ebc16561cf4b79d openssl-0.9.7e-i486-4.tgz 9627ae6903a776c2ec47e99414153c9d openssl-solibs-0.9.7e-i486-4.tgz Slackware 10.2 packages: 1453988b55ae1e7befd325b139d37ea3 openssl-0.9.7g-i486-2.tgz bb7713fcf4b0942210fd78c6d2a23196 openssl-solibs-0.9.7g-i486-2.tgz Slackware -current packages: 1453988b55ae1e7befd325b139d37ea3 openssl-0.9.7g-i486-2.tgz bb7713fcf4b0942210fd78c6d2a23196 openssl-solibs-0.9.7g-i486-2.tgz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg openssl-solibs-0.9.7g-i486-2.tgz openssl-0.9.7g-i486-2.tgz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.7 (GNU/Linux) iD8DBQFDTwQUakRjwEAQIjMRAjfUAJsFzSA5pHOphpXFJ1KDPK7rh8Wo7ACbBzoJ hL5ZwKg0gl1Rja2tA7NYQts= =9I9w -----END PGP SIGNATURE-----