The Slackware Linux Project: Slackware Security Advisories

Slackware Security Advisories
News
Security Advisories
FAQ
Book
General Info
Get Slack
Install Help
Configuration
Packages
ChangeLogs
Propaganda
Ports
Other Sites
Support
Contact
Mailing Lists
About
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] openssl (SSA:2025-040-01)
Date: Sun, 9 Feb 2025 14:01:20 -0800 (PST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  openssl (SSA:2025-040-01)

New openssl packages are available for Slackware 15.0 and -current to
fix a security issue.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/openssl-1.1.1zb_p2-i586-1_slack15.0.txz:  Upgraded.
  Apply patch to fix a low severity security issue:
  Fix timing side-channel in ECDSA signature computation.
  There is a timing signal of around 300 nanoseconds when the top word of
  the inverted ECDSA nonce value is zero. This can happen with significant
  probability only for some of the supported elliptic curves. In particular
  the NIST P-521 curve is affected. To be able to measure this leak, the
  attacker process must either be located in the same physical computer or
  must have a very fast network connection with low latency.
  This CVE was fixed by the second 1.1.1zb release that is only available to
  subscribers to OpenSSL's premium extended support. The patch was prepared
  by backporting from the OpenSSL-3.0 repo.
  Thanks to Ken Zalewski for the patch!
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-13176
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1zb_p2-i586-1_slack15.0.txz:  Upgraded.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-1.1.1zb_p2-i586-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-solibs-1.1.1zb_p2-i586-1_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-1.1.1zb_p2-x86_64-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-solibs-1.1.1zb_p2-x86_64-1_slack15.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl11-solibs-1.1.1zb_p2-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl11-1.1.1zb_p2-i686-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl11-solibs-1.1.1zb_p2-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl11-1.1.1zb_p2-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 15.0 packages:
015337a12703439ad126796cccadb32a  openssl-1.1.1zb_p2-i586-1_slack15.0.txz
3a49f6b67394776376ba7c5b0ec68bcf  openssl-solibs-1.1.1zb_p2-i586-1_slack15.0.txz

Slackware x86_64 15.0 packages:
cea815dffd81ce31399c196573ff85fe  openssl-1.1.1zb_p2-x86_64-1_slack15.0.txz
faa926d10308a27d354d32b77e7ca84d  openssl-solibs-1.1.1zb_p2-x86_64-1_slack15.0.txz

Slackware -current packages:
f2cdf01e8b41cdbe46fc6d00f57aabd3  a/openssl11-solibs-1.1.1zb_p2-i686-1.txz
0b61e87f8eccee0aa63e8e004917264c  n/openssl11-1.1.1zb_p2-i686-1.txz

Slackware x86_64 -current packages:
07f8cc63b8b4496aa57f43bd60bb2dec  a/openssl11-solibs-1.1.1zb_p2-x86_64-1.txz
800b55b044a223355ddd37e3b125ac72  n/openssl11-1.1.1zb_p2-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg openssl-1.1.1zb_p2-i586-1_slack15.0.txz openssl-solibs-1.1.1zb_p2-i586-1_slack15.0.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQTsVknaQB4iq/pnNu9qRGPAQBAiMwUCZ6kjTwAKCRBqRGPAQBAi
M2BSAJ4xk+s2OK58jZEJNJX5g8OLX1r+SACgjiWdLWl4lZY1S6FZgsvwrOIYgYA=
=9aND
-----END PGP SIGNATURE-----
Slackware™ is a trademark of Patrick Volkerding.