SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Yes I know, I'm building a temporary package with the 1.0.1g source and the source package. Unfortunately the build fails at some point, though it is only for the documentation part (which I am disabling).
But not knowing all the implications (ie which other packages to rebuild), I will be much more confident when all PV's official patches are released.
I've successfully built openssl-1.0.1g-x86_64-1_slack14.1.txz and openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz using the source package for openssl-1.0.1f. All it took was to remove the previous tarball (openssl-1.0.1f.tar.gz) and drop in the new one openssl-1.0.1g .tar.gz
I'd put it on a server for others to download, but right now I do not want to ssh into any server not yet patched... at least my client is already clean.
Now get all new passwords, ssl keys... what a nightmare!
AFAIK pretty much everything in Slackware linking the openssl libraries does it with the dynamic ones, so you should be safe upgrading the openssl and openssl-solibs packages.
FYI, waiting for the official packages, I tried here building from slackware64-current's and slackware64-14.1's sources just substituting the tarball file (well, I got also the signature) and everything seems to have went fine (no problems with docs building like metageek reported).
AFAIK pretty much everything in Slackware linking the openssl libraries does it with the dynamic ones, so you should be safe upgrading the openssl and openssl-solibs packages.
Thanks for the info, this sounds good. I did manage to build now that I used the source package in the 14.1 patch folder (rather than the one on the original 14.1 source).
AFAIK pretty much everything in Slackware linking the openssl libraries does it with the dynamic ones, so you should be safe upgrading the openssl and openssl-solibs packages.
well, to avoid misunderstanding I have to specify (for the ones that haven't read mancha's post or the dedicated site) that when I said "you should be safe" I meant on the software side: like the reporters say, every certificate (server-side and client-side) is potentially compromised and must be regenerated and so, still potentially, are passwords trasmitted on services using openssl...
Yes, all passwords, and ssl keys need to be reset, and this is only on the clients. Servers have further problems with certificates. And all the goodies they keep might already have been taken (password DBs, SSNs, credit card numbers, bitcoins, the whole lot).
Before updating passwords and ssl keys I am not loggin in to any site of importance (ie banks, etc). I'm physically copying the updated packages using USB memory stick, not daring using ssh (since machines receiving them through ssh would not have been patched yet).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.