CentOS 6 ELS: openssl package with the fix for several CVEs gradual rollout completed - TuxCare

CentOS 6 ELS: openssl package with the fix for several CVEs gradual rollout completed

TuxCare Team

September 20, 2021

changelog

A new updated openssl package with the fix for several CVEs within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production repository.

CHANGELOG

openssl-1.0.1e-62.el6.cloudlinux.els

  • Fix handling ASN.1 string as NULL terminated leads to read buffer overrun (CVE-2021-3712)
  • Fix excessively large primes in DH key generation (CVE-2018-0732)
  • Fix RSA key generation cache timing vulnerability (CVE-2018-0737)
  • Fix stack overflow parsing recursive ASN.1 structure (CVE-2018-0739)
  • Fix out-of-bounds read (CVE-2017-3735)

UPDATE COMMAND

yum update openssl*

 

Stay in the Loop

Resources

State of Enterprise Linux Cybersecurity ... Read More
Dangerous remotely exploitable vulnerability ... Read More
Securing confidential research data ... Read More
State of Enterprise Vulnerability Detection ... Read More
Demand for Rapid Risk Elimination for ... Read More
TuxCare Free Raspberry Pi Patching Read More