[bglug] Fwd: [Slackit.org] [slackware-security] OpenSSL security update (SSA:2003-273-01)

embyte embyte@madlab.it
Gio 2 Ott 2003 14:13:13 CEST 

>[slackware-security]  OpenSSL security update (SSA:2003-273-01)
>
>Upgraded OpenSSL packages are available for Slackware 8.1, 9.0,
>9.1, and -current.  These fix problems with ASN.1 parsing which
>could lead to a denial of service.  It is not known whether the
>problems could lead to the running of malicious code on the
>server, but it has not been ruled out.
>
>We recommend sites that use OpenSSL upgrade to the fixed packages
>right away.
>
>
>Here are the details from the Slackware 9.1 ChangeLog:
>+--------------------------+
>Tue Sep 30 16:16:35 PDT 2003
>patches/packages/openssl-0.9.7c-i486-1.tgz:  Upgraded to OpenSSL 0.9.7c.
>patches/packages/openssl-solibs-0.9.7c-i486-1.tgz:  Upgraded to OpenSSL
>0.9.7c.
>   This update fixes problems with OpenSSL's ASN.1 parsing which could lead
> to a denial of service.  It is not known whether the problems could lead to
> the
>   running of malicious code on the server, but it has not been ruled out.
>   For detailed information, see OpenSSL's security advisory:
>     http://www.openssl.org/news/secadv_20030930.txt
>   We recommend sites that use OpenSSL upgrade to the fixed packages right
> away.
>   (* Security fix *)
>+--------------------------+
>
>
>WHERE TO FIND THE NEW PACKAGES:
>+-----------------------------+
>
>Updated packages for Slackware 8.1:
>ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl
>-0.9.6k-i386-1.tgz
> ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openss
>l-solibs-0.9.6k-i386-1.tgz
>
>Updated packages for Slackware 9.0:
>ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl
>-0.9.7c-i386-1.tgz
> ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openss
>l-solibs-0.9.7c-i386-1.tgz
>
>Updated packages for Slackware 9.1:
>ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl
>-0.9.7c-i486-1.tgz
> ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openss
>l-solibs-0.9.7c-i486-1.tgz
>
>Updated packages for Slackware -current:
>ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-
>solibs-0.9.7c-i486-1.tgz
> ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl
>-0.9.7c-i486-1.tgz
>
>
>MD5 SIGNATURES:
>+-------------+
>
>Slackware 8.1 packages:
>b16847083943c529ff63a07331d1818f  openssl-0.9.6k-i386-1.tgz
>a371561b0f2148149abc662d02b17381  openssl-solibs-0.9.6k-i386-1.tgz
>
>Slackware 9.0 packages:
>1a45090e4e432884de48beae5dfae540  openssl-0.9.7c-i386-1.tgz
>04629d814bd468b0b9e4f7da3df92752  openssl-solibs-0.9.7c-i386-1.tgz
>
>Slackware 9.1 packages:
>49dbc64a43633bedb3ff8e5be93e7c6a  openssl-0.9.7c-i486-1.tgz
>7598ad83ffd12e5b8e34dcf60fb18e1d  openssl-solibs-0.9.7c-i486-1.tgz
>
>Slackware -current packages:
>49dbc64a43633bedb3ff8e5be93e7c6a  openssl-0.9.7c-i486-1.tgz
>7598ad83ffd12e5b8e34dcf60fb18e1d  openssl-solibs-0.9.7c-i486-1.tgz
>
>
>INSTALLATION INSTRUCTIONS:
>+------------------------+
>
>Upgrade using upgradepkg (as root):
># upgradepkg openssl-0.9.7c-i486-1.tgz openssl-solibs-0.9.7c-i486-1.tgz
>
>
>
>+-----+
>
>Slackware Linux Security Team
>http://slackware.com/gpg-key
>security@slackware.com

Maggiori informazioni sulla lista bglug