I'm forwarding this in case anyone missed it since anyone running
openssh to the public is vulnerable to this DoS. Yeah, it's slack
specific, but hey, that's my distro. (Which I recommend to anyone who
wants to install a small distro on a limited amount of space, as
recently requested...they *finally* released a 2 CD set after 10 years)
-- Alex McKenzie alex@boxchain.com http://www.boxchain.com -------- Original Message -------- Subject: [slackware-security] OpenSSL security update (SSA:2004-077-01) Date: Wed, 17 Mar 2004 17:34:04 -0800 (PST) From: Slackware Security Team <security@slackware.com> Reply-To: Slackware Security Team <security@slackware.com> To: slackware-security@slackware.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] OpenSSL security update (SSA:2004-077-01) Upgraded OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two potential denial-of-service issues in earlier versions of OpenSSL. We recommend sites that use OpenSSL upgrade to the fixed packages right away. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112 Here are the details from the Slackware 9.1 ChangeLog: +--------------------------+ Wed Mar 17 14:41:42 PST 2004 patches/packages/openssl-0.9.7d-i486-1.tgz: Upgraded to openssl-0.9.7d. patches/packages/openssl-solibs-0.9.7d-i486-1.tgz: Upgraded to openssl-0.9.7d. This fixes two potential denial-of-service issues in earlier versions of OpenSSL. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112 (* Security fix *) +--------------------------+ WHERE TO FIND THE NEW PACKAGES: +-----------------------------+ Updated packages for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-0.9.6m-i386-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-solibs-0.9.6m-i386-1.tgz Updated packages for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-0.9.7d-i386-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-solibs-0.9.7d-i386-1.tgz Updated packages for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-0.9.7d-i486-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-solibs-0.9.7d-i486-1.tgz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.7d-i486-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.7d-i486-1.tgz MD5 SIGNATURES: +-------------+ Slackware 8.1 packages: 9526929bee40c6f29ddd3e9549deff3a openssl-0.9.6m-i386-1.tgz 8e9e9121276309c6082d4f16aa1ba31e openssl-solibs-0.9.6m-i386-1.tgz Slackware 9.0 packages: 51738802d6c2c33852870e5921a96b71 openssl-0.9.7d-i386-1.tgz 18a9c560acf5c9df7f782bd16455d964 openssl-solibs-0.9.7d-i386-1.tgz Slackware 9.1 packages: 24e4d36cf911d45c5e33a075bb353a85 openssl-0.9.7d-i486-1.tgz b53517348c04a279fb8139d98367f1cb openssl-solibs-0.9.7d-i486-1.tgz Slackware -current packages: 04df11995b00fcd19cdf2ced00c962eb openssl-0.9.7d-i486-1.tgz bd21b8d487217758b903bdbc9ac309a1 openssl-solibs-0.9.7d-i486-1.tgz INSTALLATION INSTRUCTIONS: +------------------------+ Upgrade using upgradepkg (as root): # upgradepkg openssl-0.9.7d-i486-1.tgz openssl-solibs-0.9.7d-i486-1.tgz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAWPgIakRjwEAQIjMRAq8qAJ9y2KgahJ1na5q0ZZxH9J+QkUc08gCeMj0Z 0n8sxKetGEecG+IKQLNzMuI= =dGRx -----END PGP SIGNATURE----- -- ___________________ Nolug mailing list nolug@nolug.orgReceived on 03/17/04
This archive was generated by hypermail 2.2.0 : 12/19/08 EST