OpenSSL version

Talk here about security in general. Posting illegals software is prohibited. All stuffs in this forum must be considered as for "Educational purpose only".
Testuser
Samurai
Samurai
Posts: 137
Joined: 26 May 2021, 15:11
Distribution: Porteus-v5.0-64-LXDE

OpenSSL version

Post#1 by Testuser » 12 Apr 2022, 18:57

Hi Team,

Just for your information.

We have a [High severity] - Vulnerablity on the run

CVE-2022-0778 (OpenSSL advisory) 15 March 2022

Fixed in OpenSSL 3.0.2 (git commit) (Affected 3.0.0,3.0.1)
Fixed in OpenSSL 1.1.1n (git commit) (Affected 1.1.1-1.1.1m)
Fixed in OpenSSL 1.0.2zd (git commit) (Affected 1.0.2-1.0.2zc)

More info here

https://www.openssl.org/news/vulnerabilities.html

or

https://www.openssl.org/news/secadv/20220315.txt

Please find the current version we have in Porteus RC3.

guest@porteus:~$ openssl version
OpenSSL 1.1.1k 25 Mar 2021

Can we update the openssl to 1.1.1n

Thanks

User avatar
ncmprhnsbl
DEV Team
DEV Team
Posts: 3925
Joined: 20 Mar 2012, 03:42
Distribution: v5.0-64bit
Location: australia
Contact:

OpenSSL version

Post#2 by ncmprhnsbl » 13 Apr 2022, 07:50

Testuser wrote:
12 Apr 2022, 18:57
Can we update the openssl to 1.1.1n
quite possibly.. should be able to use the packages from 15.0 patches (should be compatible)
i586:
https://mirrors.slackware.com/slackware ... ck15.0.txz
x86_64:
https://mirrors.slackware.com/slackware ... ck15.0.txz
just download, convert to module (txz2xzm) and put in your modules directory, reboot..
Forum Rules : https://forum.porteus.org/viewtopic.php?f=35&t=44

Testuser
Samurai
Samurai
Posts: 137
Joined: 26 May 2021, 15:11
Distribution: Porteus-v5.0-64-LXDE

OpenSSL version

Post#3 by Testuser » 13 Apr 2022, 10:03

:) :hi:

I was not able to download from the provided links.

Got it from here

https://slackware.uk/slackware/slackwar ... 6_64-1.txz

User avatar
ncmprhnsbl
DEV Team
DEV Team
Posts: 3925
Joined: 20 Mar 2012, 03:42
Distribution: v5.0-64bit
Location: australia
Contact:

OpenSSL version

Post#4 by ncmprhnsbl » 13 Apr 2022, 21:31

Testuser wrote:
13 Apr 2022, 10:03
Got it from here
the only thing about using the 'current' repo for rc3 is that openssl is now compiled against a newer glibc(2.35 : 2.33), which may(or may not) be a problem... that's why i suggested 15.0 patches..
so here: https://slackware.uk/slackware/slackwar ... /packages/
also, you should get the openssl-solibs package too..
Forum Rules : https://forum.porteus.org/viewtopic.php?f=35&t=44

Testuser
Samurai
Samurai
Posts: 137
Joined: 26 May 2021, 15:11
Distribution: Porteus-v5.0-64-LXDE

OpenSSL version

Post#5 by Testuser » 14 Apr 2022, 08:44

Thanks much for letting us know. :)

Post Reply