|
|
|
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] openssl (SSA:2025-296-01)
Date: Thu, 23 Oct 2025 15:27:40 -0700 (PDT) |
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] openssl (SSA:2025-296-01)
New openssl packages are available for Slackware 15.0 to fix a security issue.
Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/openssl-1.1.1zd-i586-1_slack15.0.txz: Upgraded.
Apply patch to fix a moderate severity security issue:
Fix incorrect check of unwrapped key size in kek_unwrap_key()
The check is off by 8 bytes so it is possible to overread by up to 8 bytes
and overwrite up to 4 bytes.
Although the consequences of a successful exploit of this vulnerability
could be severe, the probability that the attacker would be able to perform
it is low. Besides, password based (PWRI) encryption support in CMS
messages is very rarely used.
This CVE was fixed by the 1.1.1zd release that is only available to
subscribers to OpenSSL's premium extended support. The patch was prepared
by backporting from the OpenSSL-3.0 repo.
Thanks to Ken Zalewski for the patch!
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2025-9230
(* Security fix *)
patches/packages/openssl-solibs-1.1.1zd-i586-1_slack15.0.txz: Upgraded.
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-1.1.1zd-i586-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-solibs-1.1.1zd-i586-1_slack15.0.txz
Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-1.1.1zd-x86_64-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-solibs-1.1.1zd-x86_64-1_slack15.0.txz
MD5 signatures:
+-------------+
Slackware 15.0 packages:
5917ba00eca52d7e3377c051c02772a6 openssl-1.1.1zd-i586-1_slack15.0.txz
1d8b3745c638b4788d22abf581ab3c2d openssl-solibs-1.1.1zd-i586-1_slack15.0.txz
Slackware x86_64 15.0 packages:
231482c02ec0e0ca42dffafaf8ef9e01 openssl-1.1.1zd-x86_64-1_slack15.0.txz
43b1705338bcd157b2e78f98d61ffd34 openssl-solibs-1.1.1zd-x86_64-1_slack15.0.txz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg openssl-1.1.1zd-i586-1_slack15.0.txz openssl-solibs-1.1.1zd-i586-1_slack15.0.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTsVknaQB4iq/pnNu9qRGPAQBAiMwUCaPqo7gAKCRBqRGPAQBAi
M3h5AJ9XHYnF3TVFgPrrGyQWAuW4qRZo8gCfcjF1lYU67kqQITkGC8nbdT/Pn6E=
=3GkA
-----END PGP SIGNATURE-----
|
|
|
