ID SSA-2015-190-01
Type slackware
Reporter Slackware Linux Project
Modified 2015-07-09T12:17:02


New openssl packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:

patches/packages/openssl-1.0.1p-i486-1_slack14.1.txz: Upgraded. This update fixes the following security issue: Alternative chains certificate forgery (CVE-2015-1793). During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication. This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o. This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project. For more information, see: ( Security fix ) patches/packages/openssl-solibs-1.0.1p-i486-1_slack14.1.txz: Upgraded.

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab ( for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on for additional mirror sites near you.

Updated packages for Slackware 14.0:

Updated packages for Slackware x86_64 14.0:

Updated packages for Slackware 14.1:

Updated packages for Slackware x86_64 14.1:

Updated packages for Slackware -current:

Updated packages for Slackware x86_64 -current:

MD5 signatures:

Slackware 14.0 packages: a77913257d9e4d9f0b143e7c2bf829d3 openssl-1.0.1p-i486-1_slack14.0.txz 9d778b2df5c01be05c5133d3c420a216 openssl-solibs-1.0.1p-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 1423b29d8621434363fcd92480544d19 openssl-1.0.1p-x86_64-1_slack14.0.txz e510fd37b65ab9b585f505c3b8925755 openssl-solibs-1.0.1p-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 483c52a8f52243486db12c6a85e59ad3 openssl-1.0.1p-i486-1_slack14.1.txz a2704397b9eabd509336dedfe1b51ff3 openssl-solibs-1.0.1p-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 2a4b0b930a7513a24a719f9996c3cd5d openssl-1.0.1p-x86_64-1_slack14.1.txz 3414a0e114c93ac4352938f182df5180 openssl-solibs-1.0.1p-x86_64-1_slack14.1.txz

Slackware -current packages: a867679d8f4a29a7b206930840d8c92f a/openssl-solibs-1.0.1p-i586-1.txz 1e28db3e77d547ef338c7116cf8d415f n/openssl-1.0.1p-i586-1.txz

Slackware x86_64 -current packages: f53454dd43f9d3206db58b9cd8b4e53e a/openssl-solibs-1.0.1p-x86_64-1.txz 4433713b6723a0715dc60d1254ee2ca3 n/openssl-1.0.1p-x86_64-1.txz

Installation instructions:

Upgrade the packages as root: > upgradepkg openssl-1.0.1p-i486-1_slack14.1.txz openssl-solibs-1.0.1p-i486-1_slack14.1.txz