OpenSSL version

Post#1 by **Testuser** » 12 Apr 2022, 18:57

Hi Team,

Just for your information.

We have a [High severity] - Vulnerablity on the run

CVE-2022-0778 (OpenSSL advisory) 15 March 2022

Fixed in OpenSSL 3.0.2 (git commit) (Affected 3.0.0,3.0.1)
Fixed in OpenSSL 1.1.1n (git commit) (Affected 1.1.1-1.1.1m)
Fixed in OpenSSL 1.0.2zd (git commit) (Affected 1.0.2-1.0.2zc)

More info here

https://www.openssl.org/news/vulnerabilities.html

or

https://www.openssl.org/news/secadv/20220315.txt

Please find the current version we have in Porteus RC3.

guest@porteus:~$ openssl version
OpenSSL 1.1.1k 25 Mar 2021

Can we update the openssl to 1.1.1n

Thanks

Post#2 by **ncmprhnsbl** » 13 Apr 2022, 07:50

Testuser wrote: ↑
12 Apr 2022, 18:57
Can we update the openssl to 1.1.1n

quite possibly.. should be able to use the packages from 15.0 patches (should be compatible)
i586:
https://mirrors.slackware.com/slackware ... ck15.0.txz
x86_64:
https://mirrors.slackware.com/slackware ... ck15.0.txz
just download, convert to module (txz2xzm) and put in your modules directory, reboot..

Post#3 by **Testuser** » 13 Apr 2022, 10:03

I was not able to download from the provided links.

Got it from here

https://slackware.uk/slackware/slackwar ... 6_64-1.txz

Post#4 by **ncmprhnsbl** » 13 Apr 2022, 21:31

Testuser wrote: ↑
13 Apr 2022, 10:03
Got it from here

the only thing about using the 'current' repo for rc3 is that openssl is now compiled against a newer glibc(2.35 : 2.33), which may(or may not) be a problem... that's why i suggested 15.0 patches..
so here: https://slackware.uk/slackware/slackwar ... /packages/
also, you should get the openssl-solibs package too..

Post#5 by **Testuser** » 14 Apr 2022, 08:44

Thanks much for letting us know.