MariaDB/OpenSSL Updates for Slackware
Posted on: 11/03/2017 10:32 AM

The following updates has been released for Slackware Linux:

mariadb (SSA:2017-306-01)
openssl (SSA:2017-306-02)

mariadb (SSA:2017-306-01)
New mariadb packages are available for Slackware 14.1, 14.2, and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mariadb-10.0.33-i586-1_slack14.2.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://jira.mariadb.org/browse/MDEV-13819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10378
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.58-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.58-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mariadb-10.0.33-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mariadb-10.0.33-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-10.2.10-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-10.2.10-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.1 package:
be57c0c617ac24e33f76a028e1f9ca88 mariadb-5.5.58-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
2ed0c3ff4b71a2032659847533ff73d5 mariadb-5.5.58-x86_64-1_slack14.1.txz

Slackware 14.2 package:
54ebb377120765d79eeae2ae9b4e0032 mariadb-10.0.33-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
e3ec84a91ba39fa6c0a3a43557207b6d mariadb-10.0.33-x86_64-1_slack14.2.txz

Slackware -current package:
f7eceee6d0bb1d60bd341c9746724ed7 ap/mariadb-10.2.10-i586-1.txz

Slackware x86_64 -current package:
426524c7af2193dbdac350700d335392 ap/mariadb-10.2.10-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mariadb-10.0.33-i586-1_slack14.2.txz

Then, restart the database server:
# sh /etc/rc.d/rc.mysqld restart


openssl (SSA:2017-306-02)
New openssl packages are available for Slackware 14.2 and -current to
fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2m-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
There is a carry propagating bug in the x64 Montgomery squaring procedure.
No EC algorithms are affected. Analysis suggests that attacks against RSA
and DSA as a result of this defect would be very difficult to perform and
are not believed likely. Attacks against DH are considered just feasible
(although very difficult) because most of the work necessary to deduce
information about a private key may be performed offline. The amount of
resources required for such an attack would be very significant and likely
only accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients.
This only affects processors that support the BMI1, BMI2 and ADX extensions
like Intel Broadwell (5th generation) and later or AMD Ryzen.
For more information, see:
https://www.openssl.org/news/secadv/20171102.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736
(* Security fix *)
patches/packages/openssl-solibs-1.0.2m-i586-1_slack14.2.txz: Upgraded.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2m-i586-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2m-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2m-x86_64-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2m-x86_64-1_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2l-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2m-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2l-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2m-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.2 packages:
53cf0ad803cc25e2a1743c423ecef363 openssl-1.0.2m-i586-1_slack14.2.txz
aec151a19c32844355f8a13089f82154 openssl-solibs-1.0.2m-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages:
8beeb92a178b9b8e135c6b1018003c22 openssl-1.0.2m-x86_64-1_slack14.2.txz
b912777079f28301936a77790d00a7ae openssl-solibs-1.0.2m-x86_64-1_slack14.2.txz

Slackware -current packages:
647adb0751e6cd6e988ca81cf595cc0e a/openssl-solibs-1.0.2l-i586-1.txz
c76711fb8f8ce77b5cdf6e5904dfd4a1 n/openssl-1.0.2m-i586-1.txz

Slackware x86_64 -current packages:
47323660a6504018ee6b4490c268060b a/openssl-solibs-1.0.2l-x86_64-1.txz
fa9ed59b81567d356bd59c953fbabc1e n/openssl-1.0.2m-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg openssl-1.0.2m-i586-1_slack14.2.txz openssl-solibs-1.0.2m-i586-1_slack14.2.txz






Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/mariadbopenssl_updates_for_slackware.html)