[security-announce] OpenSSL: Security update (upgrade to OpenSSL version 1.0.1m)

Sona Sarmadi sona.sarmadi at enea.com
Tue Apr 7 13:53:10 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

	Enea Linux Security Advisory

=========================================================
Product/package: OpenSSL

CVEs addressed in this update (1.0.1j to 1.0.1m):
OpenSSL 1.0.1k: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569
CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275
CVE-2014-3570,

OpenSSL 1.0.1m: CVE-2015-0286, CVE-2015-0287, CVE-2015-0289,
CVE-2015-0292, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288
=========================================================
A security patch that upgrades OpenSSL to 1.0.1m version
is now available at http://linux.enea.com/5.0-beta-m400/patches:

README file: 0012-openssl-Upgrade-to-1.0.1m.patch
Patch file: 0012-openssl-Upgrade-to-1.0.1m.patch

References:
==========
OpenSSL 1.0.1k
https://www.openssl.org/news/secadv_20150108.txt

OpenSSL 1.0.1m
https://www.openssl.org/news/secadv_20150319.txt


How to apply the patches
=======================
- - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order

wget http://linux.enea.com/5.0-beta-m400/Enea-Linux-5.0-beta-m400.tar.gz
tar zxvf Enea-Linux-5.0-beta-m400.tar.gz
<Fetch and apply the existing patches, please refer to
    README file for the individual patch>

 - Fetch and apply the new patch
cd Enea-Linux-5.0-beta-m400/poky
wget
http://linux.enea.com/5.0-beta-m400/patches/0012-openssl-Upgrade-to-1.0.1m.patch
patch -p1 < ./0012-openssl-Upgrade-to-1.0.1m.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJVI8UmAAoJEHc+9u9ocWoURlQP/jnt1wgXOXE9zptebh2DStgF
t7KxIm1wteKGyYl+HpQEkamOsyPQ+RPcmObpEcaN1l10O8YGTIBurhO4AdiE6PpN
xwMYvtVz8lGYkwPY6+YHjPDNE0jvAn/dd5UZyO9eUT6xLEgzWJd+AZJBITKpsp+7
AMdzvnTt/tJXSKXM4TzuXJRw7ucJgAa+bvW3T4L3mXMeog0G035oeLD0EWv2J+1x
ewtRRiY4jI115B8USuoAjU4xwZ3AKpf7FCsHALcLfYD17fR9/M2g6SbrbDagKpEs
rOYc00QgVWreReQSnAADoqEPzKZ6fzZ/4cDlgppWEkGWnmot/eEb9wkxsv+NkZMG
I3UEjuZH5VinqN8sIg8MDdIKj0TKboWSTulIdI2K5jkJQSlKQP88y95kZ+v1w6m4
rCGFQPlqhGpE5l7paJO/byyakqCBRI8Rig86rkTAsBC5IeKbuS87Jr5CYl0YLDny
dGHOMZVFSXI87X6NU1gAOrvUwaULMVOIfB3f5Zjn7bVW88QnK2ggHe2ofkAaaClM
RLkZCrLyrm90M+m3IEcxwxLlqIL8+lnoPtdKBstyr+HApdLKlHPAlhSeeCvPyIQO
7GV3PmxudKXZaz0TlfoL2aDbUr+tXmnQGxhQ2yUZa5IrwF5n2IH+5SNpDTafzAui
EJnjhxDDvEKoY7wPwsB+
=I7wB
-----END PGP SIGNATURE-----



More information about the security-announce mailing list