drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in OpenSSL
Name: |
Preisgabe von Informationen in OpenSSL |
|
ID: |
SSA:2017-306-02 |
|
Distribution: |
Slackware |
|
Plattformen: |
Slackware -current, Slackware x86_64 -current, Slackware 14.2, Slackware x86_64 14.2 |
|
Datum: |
Fr, 3. November 2017, 08:49 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736 |
|
Applikationen: |
OpenSSL |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] openssl (SSA:2017-306-02)
New openssl packages are available for Slackware 14.2 and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2m-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue: There is a carry propagating bug in the x64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. For more information, see: https://www.openssl.org/news/secadv/20171102.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736 (* Security fix *) patches/packages/openssl-solibs-1.0.2m-i586-1_slack14.2.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.2: openssl-1.0.2m-i586-1_slack14.2.txz openssl-solibs-1.0.2m-i586-1_slack14.2.txz
Updated packages for Slackware x86_64 14.2: openssl-1.0.2m-x86_64-1_slack14.2.txz openssl-solibs-1.0.2m-x86_64-1_slack14.2.txz
Updated packages for Slackware -current: openssl-solibs-1.0.2l-i586-1.txz openssl-1.0.2m-i586-1.txz
Updated packages for Slackware x86_64 -current: openssl-solibs-1.0.2l-x86_64-1.txz openssl-1.0.2m-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.2 packages: 53cf0ad803cc25e2a1743c423ecef363 openssl-1.0.2m-i586-1_slack14.2.txz aec151a19c32844355f8a13089f82154 openssl-solibs-1.0.2m-i586-1_slack14.2.txz
Slackware x86_64 14.2 packages: 8beeb92a178b9b8e135c6b1018003c22 openssl-1.0.2m-x86_64-1_slack14.2.txz b912777079f28301936a77790d00a7ae openssl-solibs-1.0.2m-x86_64-1_slack14.2.txz
Slackware -current packages: 647adb0751e6cd6e988ca81cf595cc0e a/openssl-solibs-1.0.2l-i586-1.txz c76711fb8f8ce77b5cdf6e5904dfd4a1 n/openssl-1.0.2m-i586-1.txz
Slackware x86_64 -current packages: 47323660a6504018ee6b4490c268060b a/openssl-solibs-1.0.2l-x86_64-1.txz fa9ed59b81567d356bd59c953fbabc1e n/openssl-1.0.2m-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root: # upgradepkg openssl-1.0.2m-i586-1_slack14.2.txz openssl-solibs-1.0.2m-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAln75HMACgkQakRjwEAQIjMexACfQ2MkqUoe2txkDBNKrEO5Et9X BIQAnA8kCWt9nidv3B+xcAdTjdP5U1c2 =evZc -----END PGP SIGNATURE-----
|
|
|
|