SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I received a rather odd email from slackware.com a couple of hours ago.
What was odd wasn't the content, as it appeared to be an almost standard Slackware security notification regarding OpenSSL, but rather, that the message came from root@slackware.com w/no subject line instead of slackware-security@slackware.com.
Here's a snippet of what I got.
Code:
Received: from connie.slackware.com (localhost [127.0.0.1])
by connie.slackware.com (8.14.3/8.14.3) with ESMTP id r19N3w2a019179
for <slackware-security@slackware.com>; Sat, 9 Feb 2013 15:03:58 -0800
Received: from localhost (security@localhost)
by connie.slackware.com (8.14.3/8.14.3/Submit) with ESMTP id r19N3wti019176
for <slackware-security@slackware.com>; Sat, 9 Feb 2013 15:03:58 -0800
Date: Sat, 9 Feb 2013 15:03:57 -0800 (PST)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] openssl (SSA:2013-040-01)
Message-ID: <alpine.LNX.2.02.1302091503400.19166@connie.slackware.com>
User-Agent: Alpine 2.02 (LNX 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="960504934-503621985-1360451038=:19166"
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
--960504934-503621985-1360451038=:19166
Content-Type: TEXT/PLAIN; charset=ISO-8859-15
Content-Transfer-Encoding: 8BIT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] openssl (SSA:2013-040-01)
New openssl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix security issues.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1d-i486-1_slack14.0.txz: Upgraded.
Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
This addresses the flaw in CBC record processing discovered by
Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
at: http://www.isg.rhul.ac.uk/tls/
Well, regardless, I got it and have therefore almost finished upgrading OpenSSL on most of the Slackware boxes I maintain.
That's the most important part.
I just thought it was odd to receive the notification in such a manner, but you gotta love Pine (er... Alpine I guess LOL)
Last edited by tallship; 02-09-2013 at 09:41 PM.
Reason: maek pritty
I got it too. After examining it, it looks as if the presence of a few characters with umlauts caused alpine to wrap it as multipart MIME, and after that the mailing list scripts choked on it and mangled it enough that the signature doesn't verify. The one posted on slackware.com is good in the sense that the GPG sig on that one will verify.
Sorry about that. Perhaps it should be mailed again from something else. I'm pretty sure it would go through correctly.
Unfortunately "pretty sure" didn't cut it. I sent it again, this time with mailx. It looks better, but still fails GPG. I'll be looking for a solution (if nothing else, I can avoid non-ASCII characters), but meanwhile if you're not sure this it real you can check the copy posted on slackware.com.
Received: from connie.slackware.com (localhost [127.0.0.1])
by connie.slackware.com (8.14.3/8.14.3) with ESMTP id r1A5Tc54000843
for <slackware-security@slackware.com>; Sat, 9 Feb 2013 21:29:38 -0800
Received: (from security@localhost)
by connie.slackware.com (8.14.3/8.14.3/Submit) id r1A5Tcrn000841
for slackware-security@slackware.com; Sat, 9 Feb 2013 21:29:38 -0800
From: Slackware Security Team <security@slackware.com>
Message-Id: <201302100529.r1A5Tcrn000841@connie.slackware.com>
Date: Sat, 09 Feb 2013 21:29:38 -0800
To: slackware-security@slackware.com
Subject: [slackware-security] openssl (SSA:2013-040-01)
User-Agent: Heirloom mailx 12.3 7/15/07
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Hi folks! The last attempt at mailing this was converted by Alpine when it
saw some ISO-8859 characters, mangling the headers and causing the GPG
signature to fail. Hopefully this try will work.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.