Home / mailingsPDF  

[slackware-security] openssl (SSA:2026-168-05)

Posted on 18 June 2026
Slackware Security

[slackware-security] openssl (SSA:2026-168-05)

New openssl packages are available for Slackware 15.0 and -current to
fix security issues.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/openssl-1.1.1zh-i586-1_slack15.0.txz: Upgraded.
Apply patch to fix the following security issues:
Heap Buffer Over-read in ASN.1 Content Parsing.
Possible NULL Dereference in Password-Based CMS Decryption.
Heap Use-After-Free in the PKCS7_verify() Function.
Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion.
Out-of-Bounds Read in CMS Password-Based Decryption.
These CVEs were fixed by the 1.1.1zh release that is only available to
subscribers to OpenSSL's premium extended support. The patch was prepared
by backporting from the OpenSSL-3.0 repo.
Thanks to Ken Zalewski for the patch!
For more information, see:
https://openssl-library.org/news/vulnerabilities/#CVE-2026-34180
https://openssl-library.org/news/vulnerabilities/#CVE-2026-42766
https://openssl-library.org/news/vulnerabilities/#CVE-2026-45447
https://openssl-library.org/news/vulnerabilities/#CVE-2026-7383
https://openssl-library.org/news/vulnerabilities/#CVE-2026-9076
https://www.cve.org/CVERecord?id=CVE-2026-34180
https://www.cve.org/CVERecord?id=CVE-2026-42766
https://www.cve.org/CVERecord?id=CVE-2026-45447
https://www.cve.org/CVERecord?id=CVE-2026-7383
https://www.cve.org/CVERecord?id=CVE-2026-9076
(* Security fix *)
patches/packages/openssl-solibs-1.1.1zh-i586-1_slack15.0.txz: Upgraded.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-1.1.1zh-i586-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-solibs-1.1.1zh-i586-1_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-1.1.1zh-x86_64-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-solibs-1.1.1zh-x86_64-1_slack15.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-3.5.7-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-3.5.7-i686-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-3.5.7-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-3.5.7-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 15.0 packages:
4bacef1ac6875a75b880462748dcb04d openssl-1.1.1zh-i586-1_slack15.0.txz
5886fb3b3800391012a8aff7fbdac2de openssl-solibs-1.1.1zh-i586-1_slack15.0.txz

Slackware x86_64 15.0 packages:
2a2109b035289903b46620b06ac4b5db openssl-1.1.1zh-x86_64-1_slack15.0.txz
47bca2f40e7efb3fec646a72990155e5 openssl-solibs-1.1.1zh-x86_64-1_slack15.0.txz

Slackware -current packages:
e60936abed76795cbf66bf883e7fbc55 a/openssl-solibs-3.5.7-i686-1.txz
59d276ff0bc9816c1a92f804daf0debb n/openssl-3.5.7-i686-1.txz

Slackware x86_64 -current packages:
b6ad454e84c6b96034cb79dbb8b166d6 a/openssl-solibs-3.5.7-x86_64-1.txz
3cd5ada338b376d73f9f379a4fcefbc4 n/openssl-3.5.7-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg openssl-1.1.1zh-i586-1_slack15.0.txz openssl-solibs-1.1.1zh-i586-1_slack15.0.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

 

TOP

Mailings :

Exploits :