Re: [Nolug] [Fwd: [slackware-security] OpenSSL security update (SSA:2004-077-01)]

From: Dave Prentice <prentice_at_instruction.com>
Date: Thu, 25 Mar 2004 23:48:22 -0600
Message-ID: <01c412f5$f35778a0$6500000a@Dave.HOME>

Alex,
    I have VectorLinux SOHO on this laptop, supposed to be a variation
of slackware. It has kernel 2.4.20 installed. I have no idea what
level of slack that corresponds to. Is any of the upgrades below
necessary, and if so, which one(s)?
Thanks.
Dave Prentice
prentice@instruction.com
http://www.originsresource.org
-----Original Message-----
From: Alex McKenzie <alex@boxchain.com>
To: nolug@joeykelly.net <nolug@joeykelly.net>
Date: Wednesday, March 17, 2004 10:19 PM
Subject: [Nolug] [Fwd: [slackware-security] OpenSSL security update
(SSA:2004-077-01)]

>I'm forwarding this in case anyone missed it since anyone running
>openssh to the public is vulnerable to this DoS. Yeah, it's slack
>specific, but hey, that's my distro. (Which I recommend to anyone
who
>wants to install a small distro on a limited amount of space, as
>recently requested...they *finally* released a 2 CD set after 10
years)
>
>--
>Alex McKenzie alex@boxchain.com http://www.boxchain.com
>
>-------- Original Message --------
>Subject: [slackware-security] OpenSSL security update
(SSA:2004-077-01)
>Date: Wed, 17 Mar 2004 17:34:04 -0800 (PST)
>From: Slackware Security Team <security@slackware.com>
>Reply-To: Slackware Security Team <security@slackware.com>
>To: slackware-security@slackware.com
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>[slackware-security] OpenSSL security update (SSA:2004-077-01)
>
>Upgraded OpenSSL packages are available for Slackware 8.1, 9.0,
>9.1, and -current. These fix two potential denial-of-service
>issues in earlier versions of OpenSSL.
>
>We recommend sites that use OpenSSL upgrade to the fixed packages
>right away.
>
>More details about this issue may be found in the Common
>Vulnerabilities and Exposures (CVE) database:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112
>
>Here are the details from the Slackware 9.1 ChangeLog:
>+--------------------------+
>Wed Mar 17 14:41:42 PST 2004
>patches/packages/openssl-0.9.7d-i486-1.tgz: Upgraded to
openssl-0.9.7d.
>patches/packages/openssl-solibs-0.9.7d-i486-1.tgz: Upgraded to
> openssl-0.9.7d. This fixes two potential denial-of-service issues
in
> earlier versions of OpenSSL. For more details, see:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112
> (* Security fix *)
>+--------------------------+
>
>
>WHERE TO FIND THE NEW PACKAGES:
>+-----------------------------+
>
>Updated packages for Slackware 8.1:
>ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/
openssl-0.9.6m-i386-1.tgz
>ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/
openssl-solibs-0.9.6m-i386-1.tgz
>
>Updated packages for Slackware 9.0:
>ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/
openssl-0.9.7d-i386-1.tgz
>ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/
openssl-solibs-0.9.7d-i386-1.tgz
>
>Updated packages for Slackware 9.1:
>ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/
openssl-0.9.7d-i486-1.tgz
>ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/
openssl-solibs-0.9.7d-i486-1.tgz
>
>Updated packages for Slackware -current:
>ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/o
penssl-solibs-0.9.7d-i486-1.tgz
>ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/o
penssl-0.9.7d-i486-1.tgz
>
>
>MD5 SIGNATURES:
>+-------------+
>
>Slackware 8.1 packages:
>9526929bee40c6f29ddd3e9549deff3a openssl-0.9.6m-i386-1.tgz
>8e9e9121276309c6082d4f16aa1ba31e openssl-solibs-0.9.6m-i386-1.tgz
>
>Slackware 9.0 packages:
>51738802d6c2c33852870e5921a96b71 openssl-0.9.7d-i386-1.tgz
>18a9c560acf5c9df7f782bd16455d964 openssl-solibs-0.9.7d-i386-1.tgz
>
>Slackware 9.1 packages:
>24e4d36cf911d45c5e33a075bb353a85 openssl-0.9.7d-i486-1.tgz
>b53517348c04a279fb8139d98367f1cb openssl-solibs-0.9.7d-i486-1.tgz
>
>Slackware -current packages:
>04df11995b00fcd19cdf2ced00c962eb openssl-0.9.7d-i486-1.tgz
>bd21b8d487217758b903bdbc9ac309a1 openssl-solibs-0.9.7d-i486-1.tgz
>
>
>INSTALLATION INSTRUCTIONS:
>+------------------------+
>
>Upgrade using upgradepkg (as root):
># upgradepkg openssl-0.9.7d-i486-1.tgz
openssl-solibs-0.9.7d-i486-1.tgz
>
>
>+-----+
>
>Slackware Linux Security Team
>http://slackware.com/gpg-key
>security@slackware.com
>
>+--------------------------------------------------------------------
----+
>| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:
|
>+--------------------------------------------------------------------
----+
>| Send an email to majordomo@slackware.com with this text in the body
of |
>| the email message:
|
>|
|
>| unsubscribe slackware-security
|
>|
|
>| You will get a confirmation message back. Follow the instructions
to |
>| complete the unsubscription. Do not reply to this message to
|
>| unsubscribe!
|
>+--------------------------------------------------------------------
----+
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.3 (GNU/Linux)
>
>iD8DBQFAWPgIakRjwEAQIjMRAq8qAJ9y2KgahJ1na5q0ZZxH9J+QkUc08gCeMj0Z
>0n8sxKetGEecG+IKQLNzMuI=
>=dGRx
>-----END PGP SIGNATURE-----
>
>--
>___________________
>Nolug mailing list
>nolug@nolug.org

___________________
Nolug mailing list
nolug@nolug.org
Received on 03/25/04

This archive was generated by hypermail 2.2.0 : 12/19/08 EST