Home / mailingsPDF  

[slackware-security] openssl (SSA:2025-296-01)

Posted on 24 October 2025
Slackware Security

[slackware-security] openssl (SSA:2025-296-01)

New openssl packages are available for Slackware 15.0 to fix a security issue.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/openssl-1.1.1zd-i586-1_slack15.0.txz: Upgraded.
Apply patch to fix a moderate severity security issue:
Fix incorrect check of unwrapped key size in kek_unwrap_key()
The check is off by 8 bytes so it is possible to overread by up to 8 bytes
and overwrite up to 4 bytes.
Although the consequences of a successful exploit of this vulnerability
could be severe, the probability that the attacker would be able to perform
it is low. Besides, password based (PWRI) encryption support in CMS
messages is very rarely used.
This CVE was fixed by the 1.1.1zd release that is only available to
subscribers to OpenSSL's premium extended support. The patch was prepared
by backporting from the OpenSSL-3.0 repo.
Thanks to Ken Zalewski for the patch!
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2025-9230
(* Security fix *)
patches/packages/openssl-solibs-1.1.1zd-i586-1_slack15.0.txz: Upgraded.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-1.1.1zd-i586-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-solibs-1.1.1zd-i586-1_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-1.1.1zd-x86_64-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-solibs-1.1.1zd-x86_64-1_slack15.0.txz


MD5 signatures:
+-------------+

Slackware 15.0 packages:
5917ba00eca52d7e3377c051c02772a6 openssl-1.1.1zd-i586-1_slack15.0.txz
1d8b3745c638b4788d22abf581ab3c2d openssl-solibs-1.1.1zd-i586-1_slack15.0.txz

Slackware x86_64 15.0 packages:
231482c02ec0e0ca42dffafaf8ef9e01 openssl-1.1.1zd-x86_64-1_slack15.0.txz
43b1705338bcd157b2e78f98d61ffd34 openssl-solibs-1.1.1zd-x86_64-1_slack15.0.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg openssl-1.1.1zd-i586-1_slack15.0.txz openssl-solibs-1.1.1zd-i586-1_slack15.0.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

 

TOP

Mailings :

Exploits :