Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2019-354-01
HistoryDec 21, 2019 - 1:28 a.m.

[slackware-security] openssl

2019-12-2101:28:09
Slackware Linux Project
www.slackware.com
16

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.002 Low

EPSS

Percentile

60.1%

JSON

New openssl packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/openssl-1.0.2u-i586-1_slack14.2.txz: Upgraded.
This update fixes a low severity security issue:
Fixed an an overflow bug in the x86_64 Montgomery squaring procedure used in
exponentiation with 512-bit moduli.
For more information, see:
https://www.openssl.org/news/secadv/20191206.txt
https://vulners.com/cve/CVE-2019-1551
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2u-i586-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2u-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2u-x86_64-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2u-x86_64-1_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl10-solibs-1.0.2u-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl10-1.0.2u-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl10-solibs-1.0.2u-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl10-1.0.2u-x86_64-1.txz

MD5 signatures:

Slackware 14.2 packages:
3702a752b6916911666b3bd372b043ce openssl-1.0.2u-i586-1_slack14.2.txz
4648eb489834f226169bf13e2ee06061 openssl-solibs-1.0.2u-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages:
c114da2209510d47b59ded5af7dd8610 openssl-1.0.2u-x86_64-1_slack14.2.txz
e4b1c5a3f87e7cd92e05ec19c52e9761 openssl-solibs-1.0.2u-x86_64-1_slack14.2.txz

Slackware -current packages:
fee7474fb4e0be59a0a1da866cfe4f5b a/openssl10-solibs-1.0.2u-i586-1.txz
b3e7d484a352406ba822ddf5f6dbe9ff n/openssl10-1.0.2u-i586-1.txz

Slackware x86_64 -current packages:
1f180cb72a66080dcf7fc95083197cab a/openssl10-solibs-1.0.2u-x86_64-1.txz
6d269275da2fb00f13df65a5b12edd37 n/openssl10-1.0.2u-x86_64-1.txz

Installation instructions:

Upgrade the packages as root:
> upgradepkg openssl-1.0.2u-i586-1_slack14.2.txz openssl-solibs-1.0.2u-i586-1_slack14.2.txz

Related

symantec 2
nessus 51
openvas 29
redhatcve 1
ibm 29
veracode 1
cve 1
suse 1
prion 1
amazon 1
alpinelinux 1
osv 5
debiancve 1
cvelist 1
redhat 7
nvd 1
photon 10
debian 4
hackerone 1
oraclelinux 1
mageia 1
ubuntucve 1
openssl 1
freebsd 1
f5 1
fedora 3
altlinux 4
gentoo 1
cloudfoundry 2
ubuntu 2
oracle 3
avleonov 1
symantec
symantec
Openssl CVE-2019-1551 Integer Overflow Vulnerability
2019-12-06 00:00:00
OpenSSL Vulnerabilities Sep 2019 – Apr 2020
2020-05-19 20:35:38
nessus
nessus
FreeBSD : OpenSSL -- Overflow vulnerability (d778ddb0-2338-11ea-a1c7-b499baebfeaf)
2019-12-23 00:00:00
SUSE SLED15 / SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2020:0064-1)
2020-01-13 00:00:00
RHEL 8 : openssl (RHSA-2020:4514)
2020-11-19 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1021)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1538)
2020-04-30 00:00:00
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1625)
2020-06-16 00:00:00
redhatcve
redhatcve
CVE-2019-1551
2019-12-09 04:17:57
ibm
ibm
Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2019-1551)
2020-04-29 14:52:50
Security Bulletin: IBM MQ Appliance affected by an OpenSSL vulnerability (CVE-2019-1551)
2020-07-23 21:32:18
Security Bulletin: A vulnerability in OpenSSL affects IBM InfoSphere Information Server
2020-10-30 21:12:00
veracode
veracode
Integer Overflow
2019-12-10 06:08:42
cve
cve
CVE-2019-1551
2019-12-06 18:15:12
suse
suse
Security update for openssl-1_1 (moderate)
2020-01-15 00:00:00
prion
prion
Buffer overflow
2019-12-06 18:15:00
amazon
amazon
Low: openssl
2021-07-14 20:39:00
alpinelinux
alpinelinux
CVE-2019-1551
2019-12-06 18:15:12
osv
osv
openssl1.0 - security update
2019-12-27 00:00:00
CVE-2019-1551
2019-12-06 18:15:12
openssl - security update
2022-03-17 00:00:00
debiancve
debiancve
CVE-2019-1551
2019-12-06 18:15:12
cvelist
cvelist
CVE-2019-1551 rsaz_512_sqr overflow bug on x86_64
2019-12-06 00:00:00
redhat
redhat
(RHSA-2020:4514) Low: openssl security, bug fix, and enhancement update
2020-11-03 12:11:41
(RHSA-2020:4383) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP5 security update
2020-10-28 15:45:34
(RHSA-2020:4384) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP5 security update
2020-10-28 15:46:06
nvd
nvd
CVE-2019-1551
2019-12-06 18:15:12
photon
photon
Moderate Photon OS Security Update - PHSA-2020-0054
2020-02-04 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0048
2020-01-17 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0201
2020-01-23 00:00:00
debian
debian
[SECURITY] [DSA 4594-1] openssl1.0 security update
2019-12-27 22:13:06
[SECURITY] [DLA 2952-1] openssl security update
2022-03-17 09:48:17
[SECURITY] [DSA 4855-1] openssl security update
2021-02-17 13:40:59
hackerone
hackerone
Internet Bug Bounty: CVE-2019-1551: rsaz_512_sqr overflow bug on x86_64
2024-04-05 15:13:26
oraclelinux
oraclelinux
openssl security, bug fix, and enhancement update
2020-11-10 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerability
2020-01-05 18:37:51
ubuntucve
ubuntucve
CVE-2019-1551
2019-12-06 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2019-1551
2019-12-06 00:00:00
freebsd
freebsd
OpenSSL -- Overflow vulnerability
2019-12-06 00:00:00
f5
f5
K43798238 : OpenSSL vulnerability CVE-2019-1551
2020-02-25 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: openssl-1.1.1g-1.fc30
2020-04-30 02:52:05
[SECURITY] Fedora 31 Update: openssl-1.1.1g-1.fc31
2020-05-09 04:12:38
[SECURITY] Fedora 32 Update: openssl-1.1.1g-1.fc32
2020-04-26 02:51:31
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1g-alt1
2020-04-29 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1g-alt1
2020-04-21 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.2u-alt0.M80P.1
2020-12-11 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2020-04-23 00:00:00
cloudfoundry
cloudfoundry
USN-4504-1: OpenSSL vulnerabilities | Cloud Foundry
2021-02-10 00:00:00
USN-4376-1: OpenSSL vulnerabilities | Cloud Foundry
2020-06-24 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2020-09-16 00:00:00
OpenSSL vulnerabilities
2020-05-28 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.002 Low

EPSS

Percentile

60.1%

JSON
Related for SSA-2019-354-01
symantec2nessus51openvas29redhatcve1ibm29veracode1cve1suse1prion1amazon1alpinelinux1osv5debiancve1cvelist1redhat7nvd1photon10debian4hackerone1oraclelinux1mageia1ubuntucve1openssl1freebsd1f51fedora3altlinux4gentoo1cloudfoundry2ubuntu2oracle3avleonov1