OpenSSL July 2015 Update

On July 9, 2015, OpenSSL issued a security update to correct an issue introduced by its June update. Specifically, this issue relates to alternative chains certificate forgery (CVE-2015-1793), i.e. an ability to “cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and ‘issue’ an invalid certificate.”

The issue affects both client-side and server-side certificate verification in OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o. This issue does not affect Zimbra Collaboration: the latest Zimbra packaging of Zimbra Collaboration (8.6) relies on OpenSSL 1.0.1l for cryptographic functionality, which is not one of the affected versions.

If you use OpenSSL outside of Zimbra and are able to update the OpenSSL package, please upgrade:

  • 1.0.2b/1.0.2c: upgrade to 1.0.2d
  • 1.0.1n/1.0.1o: upgrade to 1.0.1p
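
One way to apply the version list above across a fleet, as an added example that is not from Zimbra or the OpenSSL project: the script reads `openssl version` banners and reports hosts that need the upgrade. The host names and inventory lines are constructed sample data, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: flag hosts whose `openssl version` banner names a release
# this advisory lists as affected by CVE-2015-1793.

# "OpenSSL 1.0.1o 12 Jun 2015" -> "1.0.1o"; vendor suffixes ("-fips") dropped.
banner_version() {
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    printf '%s\n' "${ver%%-*}"
}

# Print the fixed release for an affected version; return 1 if not listed.
fixed_release() {
    case "$1" in
        1.0.2b|1.0.2c) echo "1.0.2d" ;;
        1.0.1n|1.0.1o) echo "1.0.1p" ;;
        *) return 1 ;;
    esac
}

# Read "host banner" lines on stdin; print one line per affected host.
audit_inventory() {
    while read -r host banner; do
        [ -n "$host" ] || continue
        ver=$(banner_version "$banner")
        if fix=$(fixed_release "$ver"); then
            printf '%s runs %s: upgrade to %s\n' "$host" "$ver" "$fix"
        fi
    done
}

# Constructed inventory (hypothetical host names), as collected with
# `openssl version` on each machine.
sample_inventory() {
    cat <<'EOF'
mail01 OpenSSL 1.0.1l 15 Jan 2015
web01 OpenSSL 1.0.2c 12 Jun 2015
web02 OpenSSL 1.0.1o 12 Jun 2015
vpn01 OpenSSL 1.0.2d 9 Jul 2015
db01 OpenSSL 1.0.1n 11 Jun 2015
EOF
}

sample_inventory | audit_inventory
```

The check matches upstream version strings only. Applications that bundle or statically link their own OpenSSL will not show up in the system `openssl version` banner and need to be checked separately.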


Copyright © 2022 Zimbra, Inc. All rights reserved.
