ClickCease CentOS 6 ELS: openssl package with the fix for several CVEs gradual rollout completed - TuxCare

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

CentOS 6 ELS: openssl package with the fix for several CVEs gradual rollout completed

September 20, 2021 - TuxCare PR Team

A new updated openssl package with the fix for several CVEs within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production repository.

CHANGELOG

openssl-1.0.1e-62.el6.cloudlinux.els

  • Fix handling ASN.1 string as NULL terminated leads to read buffer overrun (CVE-2021-3712)
  • Fix excessively large primes in DH key generation (CVE-2018-0732)
  • Fix RSA key generation cache timing vulnerability (CVE-2018-0737)
  • Fix stack overflow parsing recursive ASN.1 structure (CVE-2018-0739)
  • Fix out-of-bounds read (CVE-2017-3735)

UPDATE COMMAND

yum update openssl*

 

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started

Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter
Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter
close-link