drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in OpenSSL
Name: |
Mehrere Probleme in OpenSSL |
|
ID: |
SSA:2016-062-02 |
|
Distribution: |
Slackware |
|
Plattformen: |
Slackware -current, Slackware 13.0, Slackware x86_64 13.0, Slackware x86_64 -current, Slackware x86_64 13.1, Slackware 13.1, Slackware x86_64 13.37, Slackware 13.37, Slackware 14.0, Slackware x86_64 14.0, Slackware 14.1, Slackware x86_64 14.1 |
|
Datum: |
Do, 3. März 2016, 10:36 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705 |
|
Applikationen: |
OpenSSL |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] openssl (SSA:2016-062-02)
New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1s-i486-1_slack14.1.txz: Upgraded. This update fixes the following security issues: Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) Double-free in DSA code (CVE-2016-0705) Memory leak in SRP database lookups (CVE-2016-0798) BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797) Fix memory issues in BIO_*printf functions (CVE-2016-0799) Side channel attack on modular exponentiation (CVE-2016-0702) To avoid breaking the ABI, "enable-ssl2" is used, but all the vulnerable or weak ciphers have been removed. For more information, see: https://www.openssl.org/news/secadv/20160301.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702 (* Security fix *) patches/packages/openssl-solibs-1.0.1s-i486-1_slack14.1.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: openssl-0.9.8zh-i486-2_slack13.0.txz openssl-solibs-0.9.8zh-i486-2_slack13.0.txz
Updated packages for Slackware x86_64 13.0: openssl-0.9.8zh-x86_64-2_slack13.0.txz openssl-solibs-0.9.8zh-x86_64-2_slack13.0.txz
Updated packages for Slackware 13.1: openssl-0.9.8zh-i486-2_slack13.1.txz openssl-solibs-0.9.8zh-i486-2_slack13.1.txz
Updated packages for Slackware x86_64 13.1: openssl-0.9.8zh-x86_64-2_slack13.1.txz openssl-solibs-0.9.8zh-x86_64-2_slack13.1.txz
Updated packages for Slackware 13.37: openssl-0.9.8zh-i486-2_slack13.37.txz openssl-solibs-0.9.8zh-i486-2_slack13.37.txz
Updated packages for Slackware x86_64 13.37: openssl-0.9.8zh-x86_64-2_slack13.37.txz openssl-solibs-0.9.8zh-x86_64-2_slack13.37.txz
Updated packages for Slackware 14.0: openssl-1.0.1s-i486-1_slack14.0.txz openssl-solibs-1.0.1s-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: openssl-1.0.1s-x86_64-1_slack14.0.txz openssl-solibs-1.0.1s-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: openssl-1.0.1s-i486-1_slack14.1.txz openssl-solibs-1.0.1s-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: openssl-1.0.1s-x86_64-1_slack14.1.txz openssl-solibs-1.0.1s-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: openssl-solibs-1.0.2g-i586-1.txz openssl-1.0.2g-i586-1.txz
Updated packages for Slackware x86_64 -current: openssl-solibs-1.0.2g-x86_64-1.txz openssl-1.0.2g-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 644fbae107aa826aeb955cec011af852 openssl-0.9.8zh-i486-2_slack13.0.txz 6fa3075d061664f5bbe3d8de9e2bf368 openssl-solibs-0.9.8zh-i486-2_slack13.0.txz
Slackware x86_64 13.0 packages: b53745715746f9dbef4a38dd8da03c94 openssl-0.9.8zh-x86_64-2_slack13.0.txz 5976e4f969f6adc2b43ba1592a52d5ba openssl-solibs-0.9.8zh-x86_64-2_slack13.0.txz
Slackware 13.1 packages: e0608c002b708abaf2f5ceee4e4b155d openssl-0.9.8zh-i486-2_slack13.1.txz cac0d5ccba2dccd979284f2051dab525 openssl-solibs-0.9.8zh-i486-2_slack13.1.txz
Slackware x86_64 13.1 packages: 01510ab2aab397be93e4bfdd04315bd0 openssl-0.9.8zh-x86_64-2_slack13.1.txz 0be1f99d5391cbc3b15dcd4371cb621a openssl-solibs-0.9.8zh-x86_64-2_slack13.1.txz
Slackware 13.37 packages: c1c1d0a8483d4218fdd29ce1b2eb9e63 openssl-0.9.8zh-i486-2_slack13.37.txz 34ee96116c28ef08fbc08ab70b14f5a9 openssl-solibs-0.9.8zh-i486-2_slack13.37.txz
Slackware x86_64 13.37 packages: 32dadc44ba5dbd7621023e8fec1e3069 openssl-0.9.8zh-x86_64-2_slack13.37.txz 2f0205cfba8228e3d1980cef54d8668b openssl-solibs-0.9.8zh-x86_64-2_slack13.37.txz
Slackware 14.0 packages: cc23e82479257a7a3a50438d336ec5be openssl-1.0.1s-i486-1_slack14.0.txz 9540a887ed6138e02d23bcaa6b825ee1 openssl-solibs-1.0.1s-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 5515a045f780c64e8978da7fbeaa5690 openssl-1.0.1s-x86_64-1_slack14.0.txz 6a725bc0a09908f9141f940932adf4e6 openssl-solibs-1.0.1s-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 593809d8904cafdf513d6b53fa768b74 openssl-1.0.1s-i486-1_slack14.1.txz c9b24ae365ac7f8b39d6d967753ddf36 openssl-solibs-1.0.1s-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: 480d719b052583b81829c7a46716eaa8 openssl-1.0.1s-x86_64-1_slack14.1.txz 7d67e02e2592b0943d421b77e7b056a2 openssl-solibs-1.0.1s-x86_64-1_slack14.1.txz
Slackware -current packages: afb5a7589c09cd8252033e050b338270 a/openssl-solibs-1.0.2g-i586-1.txz 2d40243494331ffe88ccbfd865cab491 n/openssl-1.0.2g-i586-1.txz
Slackware x86_64 -current packages: 2ed9f79bcadcaba7b7295da7e79655be a/openssl-solibs-1.0.2g-x86_64-1.txz 79ea233c8e9257081a6dcf2f6bc54b05 n/openssl-1.0.2g-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root: # upgradepkg openssl-1.0.1s-i486-1_slack14.1.txz openssl-solibs-1.0.1s-i486-1_slack14.1.txz
Then, reboot the machine or restart any network services that use OpenSSL.
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iEYEARECAAYFAlbXz4EACgkQakRjwEAQIjMxkgCfWroDF9a873CPtnVVR7jRSPu/ vBoAn1uxihS38xcFEmEuqwx9NgBB4ddV =DElP -----END PGP SIGNATURE-----
|
|
|
|