Sicherheit: Preisgabe von Informationen in openssl

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssl (SSA:2025-040-01)

New openssl packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/openssl-1.1.1zb_p2-i586-1_slack15.0.txz: Upgraded.
Apply patch to fix a low severity security issue:
Fix timing side-channel in ECDSA signature computation.
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In particular
the NIST P-521 curve is affected. To be able to measure this leak, the
attacker process must either be located in the same physical computer or
must have a very fast network connection with low latency.
This CVE was fixed by the second 1.1.1zb release that is only available to
subscribers to OpenSSL's premium extended support. The patch was prepared
by backporting from the OpenSSL-3.0 repo.
Thanks to Ken Zalewski for the patch!
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-13176
(* Security fix *)
patches/packages/openssl-solibs-1.1.1zb_p2-i586-1_slack15.0.txz: Upgraded.
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 15.0:
openssl-1.1.1zb_p2-i586-1_slack15.0.txz
openssl-solibs-1.1.1zb_p2-i586-1_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
openssl-1.1.1zb_p2-x86_64-1_slack15.0.txz
openssl-solibs-1.1.1zb_p2-x86_64-1_slack15.0.txz

Updated packages for Slackware -current:
openssl11-solibs-1.1.1zb_p2-i686-1.txz
openssl11-1.1.1zb_p2-i686-1.txz

Updated packages for Slackware x86_64 -current:
openssl11-solibs-1.1.1zb_p2-x86_64-1.txz
openssl11-1.1.1zb_p2-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 packages:
015337a12703439ad126796cccadb32a openssl-1.1.1zb_p2-i586-1_slack15.0.txz
3a49f6b67394776376ba7c5b0ec68bcf
openssl-solibs-1.1.1zb_p2-i586-1_slack15.0.txz

Slackware x86_64 15.0 packages:
cea815dffd81ce31399c196573ff85fe openssl-1.1.1zb_p2-x86_64-1_slack15.0.txz
faa926d10308a27d354d32b77e7ca84d
openssl-solibs-1.1.1zb_p2-x86_64-1_slack15.0.txz

Slackware -current packages:
f2cdf01e8b41cdbe46fc6d00f57aabd3 a/openssl11-solibs-1.1.1zb_p2-i686-1.txz
0b61e87f8eccee0aa63e8e004917264c n/openssl11-1.1.1zb_p2-i686-1.txz

Slackware x86_64 -current packages:
07f8cc63b8b4496aa57f43bd60bb2dec a/openssl11-solibs-1.1.1zb_p2-x86_64-1.txz
800b55b044a223355ddd37e3b125ac72 n/openssl11-1.1.1zb_p2-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg openssl-1.1.1zb_p2-i586-1_slack15.0.txz
openssl-solibs-1.1.1zb_p2-i586-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQTsVknaQB4iq/pnNu9qRGPAQBAiMwUCZ6kjTwAKCRBqRGPAQBAi
M2BSAJ4xk+s2OK58jZEJNJX5g8OLX1r+SACgjiWdLWl4lZY1S6FZgsvwrOIYgYA=
=9aND
-----END PGP SIGNATURE-----