A new updated openssl package with the fix for several CVEs within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production repository.
- Fix handling ASN.1 string as NULL terminated leads to read buffer overrun (CVE-2021-3712)
- Fix excessively large primes in DH key generation (CVE-2018-0732)
- Fix RSA key generation cache timing vulnerability (CVE-2018-0737)
- Fix stack overflow parsing recursive ASN.1 structure (CVE-2018-0739)
- Fix out-of-bounds read (CVE-2017-3735)
yum update openssl*