diff options
author | Adrien Nader <adrien@notk.org> | 2014-10-15 20:35:40 +0200 |
---|---|---|
committer | Adrien Nader <adrien@notk.org> | 2014-10-15 20:35:40 +0200 |
commit | 644723aa93bb9870b3ba1215ee89df3c16704334 (patch) | |
tree | e479826ad6f9db24e9b42dcc0a4ef8c64958e938 /slackware64-current/source/n | |
parent | b880d19df2c9e59e83d1d68a15127ce6df0facc3 (diff) |
Wed Oct 15 17:28:59 UTC 2014
a/openssl-solibs-1.0.1j-x86_64-1.txz: Upgraded.
(* Security fix *)
n/openssl-1.0.1j-x86_64-1.tx: Upgraded.
This update fixes several security issues:
SRTP Memory Leak (CVE-2014-3513):
A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a carefully crafted handshake message, to cause OpenSSL to fail
to free up to 64k of memory causing a memory leak. This could be
exploited in a Denial Of Service attack.
Session Ticket Memory Leak (CVE-2014-3567):
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
integrity of that ticket is first verified. In the event of a session
ticket integrity check failing, OpenSSL will fail to free memory
causing a memory leak. By sending a large number of invalid session
tickets an attacker could exploit this issue in a Denial Of Service
attack.
SSL 3.0 Fallback protection:
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol
downgrade.
Some client applications (such as browsers) will reconnect using a
downgraded protocol to work around interoperability bugs in older
servers. This could be exploited by an active man-in-the-middle to
downgrade connections to SSL 3.0 even if both sides of the connection
support higher protocols. SSL 3.0 contains a number of weaknesses
including POODLE (CVE-2014-3566).
Build option no-ssl3 is incomplete (CVE-2014-3568):
When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them.
For more information, see:
https://www.openssl.org/news/secadv_20141015.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
(* Security fix *)
Diffstat (limited to 'slackware64-current/source/n')
9 files changed, 5 insertions, 5 deletions
diff --git a/slackware64-current/source/n/openssl/openssl-1.0.1i.tar.gz b/slackware64-current/source/n/openssl/openssl-1.0.1i.tar.gz deleted file mode 100644 index 62d6467c9..000000000 --- a/slackware64-current/source/n/openssl/openssl-1.0.1i.tar.gz +++ /dev/null @@ -1 +0,0 @@ -74eed314fa2c93006df8d26cd9fc630a101abd76 diff --git a/slackware64-current/source/n/openssl/openssl-1.0.1i.tar.gz.asc b/slackware64-current/source/n/openssl/openssl-1.0.1i.tar.gz.asc deleted file mode 100644 index 6fca25734..000000000 --- a/slackware64-current/source/n/openssl/openssl-1.0.1i.tar.gz.asc +++ /dev/null @@ -1 +0,0 @@ -cab74d1a069694234dfe74f0ae1c9501ab817ea8 diff --git a/slackware64-current/source/n/openssl/openssl-1.0.1j.tar.gz b/slackware64-current/source/n/openssl/openssl-1.0.1j.tar.gz new file mode 100644 index 000000000..0bd7cf0a4 --- /dev/null +++ b/slackware64-current/source/n/openssl/openssl-1.0.1j.tar.gz @@ -0,0 +1 @@ +cff86857507624f0ad42d922bb6f77c4f1c2b819 diff --git a/slackware64-current/source/n/openssl/openssl-1.0.1j.tar.gz.asc b/slackware64-current/source/n/openssl/openssl-1.0.1j.tar.gz.asc new file mode 100644 index 000000000..3dc02bc3f --- /dev/null +++ b/slackware64-current/source/n/openssl/openssl-1.0.1j.tar.gz.asc @@ -0,0 +1 @@ +9d6de10f6e5a09c3d83d4d6f4f61393b3569f28a diff --git a/slackware64-current/source/n/openssl/openssl0/certwatch.gz b/slackware64-current/source/n/openssl/openssl0/certwatch.gz index 85b903baa..19e265200 100644 --- a/slackware64-current/source/n/openssl/openssl0/certwatch.gz +++ b/slackware64-current/source/n/openssl/openssl0/certwatch.gz @@ -1 +1 @@ -4fa13b1e461bd081d89668acbe313bd94f815a3f +33c0b4606cbe248fe0e85cb8a917e3f60eed082f diff --git a/slackware64-current/source/n/openssl/openssl0/openssl-0.9.8zb.tar.gz b/slackware64-current/source/n/openssl/openssl0/openssl-0.9.8zb.tar.gz deleted file mode 100644 index 7b7ac0e9c..000000000 --- a/slackware64-current/source/n/openssl/openssl0/openssl-0.9.8zb.tar.gz +++ /dev/null @@ -1 +0,0 @@ -4f0079d4d924ab618d5f846cb91f413184bf8dea diff --git a/slackware64-current/source/n/openssl/openssl0/openssl-0.9.8zb.tar.gz.asc b/slackware64-current/source/n/openssl/openssl0/openssl-0.9.8zb.tar.gz.asc deleted file mode 100644 index 23adecaa7..000000000 --- a/slackware64-current/source/n/openssl/openssl0/openssl-0.9.8zb.tar.gz.asc +++ /dev/null @@ -1 +0,0 @@ -30c3299affc4e0d5914466c26ceca93aeaab46b6 diff --git a/slackware64-current/source/n/openssl/openssl0/openssl-0.9.8zc.tar.gz b/slackware64-current/source/n/openssl/openssl0/openssl-0.9.8zc.tar.gz new file mode 100644 index 000000000..78ae3dfd4 --- /dev/null +++ b/slackware64-current/source/n/openssl/openssl0/openssl-0.9.8zc.tar.gz @@ -0,0 +1 @@ +c7c4715b09d1b68aec564671afd7ec416edf764f diff --git a/slackware64-current/source/n/openssl/openssl0/openssl-0.9.8zc.tar.gz.asc b/slackware64-current/source/n/openssl/openssl0/openssl-0.9.8zc.tar.gz.asc new file mode 100644 index 000000000..08fdfd8c0 --- /dev/null +++ b/slackware64-current/source/n/openssl/openssl0/openssl-0.9.8zc.tar.gz.asc @@ -0,0 +1 @@ +6f8b93c4028d0c1dc70f42d2126d28337e7c6d1f |