{"id":"MGASA-2015-0274","summary":"Updated openssl package fixes security vulnerability","details":"During certificate verification, OpenSSL (starting from version 1.0.1n and\n1.0.2b) will attempt to find an alternative certificate chain if the first\nattempt to build such a chain fails. An error in the implementation of\nthis logic can mean that an attacker could cause certain checks on\nuntrusted certificates to be bypassed, such as the CA flag, enabling them\nto use a valid leaf certificate to act as a CA and \"issue\" an invalid\ncertificate (CVE-2015-1793).\n","modified":"2026-02-01T05:37:12.506738Z","published":"2015-07-10T08:12:35Z","related":["CVE-2015-1793"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0274.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=16333"},{"type":"REPORT","url":"https://www.openssl.org/news/secadv_20150709.txt"}],"affected":[{"package":{"name":"openssl","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/openssl?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1p-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0274.json"}},{"package":{"name":"openssl","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/openssl?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.2d-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0274.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}