CentOS 6 ELS: openssl package with the fix for several CVEs gradual rollout

September 13, 2021 - TuxCare PR Team

An updated openssl package for CentOS 6 ELS, with fixes for several CVEs, has been scheduled for gradual rollout from our production repository.

Rollout slot: 3
Rolled out to: 0.1%
ETA for 100% rollout: September 21


CHANGELOG

openssl-1.0.1e-62.el6.cloudlinux.els

  • Fix handling ASN.1 string as NULL terminated leads to read buffer overrun (CVE-2021-3712)
  • Fix excessively large primes in DH key generation (CVE-2018-0732)
  • Fix RSA key generation cache timing vulnerability (CVE-2018-0737)
  • Fix stack overflow parsing recursive ASN.1 structure (CVE-2018-0739)
  • Fix out-of-bounds read (CVE-2017-3735)

UPDATE COMMAND

yum update openssl*

IMMEDIATE UPDATE (VIA BYPASS)

yum update openssl* --enablerepo=ELS6-rollout-3-bypass
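
After updating, the package changelog can be checked for the five CVE identifiers listed in the CHANGELOG above. The script below is an added example, not part of the original announcement or of TuxCare tooling; the helper names and the sample changelog text are constructed for illustration, and on a real host the input comes from `rpm -q --changelog openssl`.

```shell
#!/bin/sh
# CVE identifiers from the CHANGELOG section of this announcement.
FIXED_CVES="CVE-2021-3712 CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 CVE-2017-3735"

# missing_cves (hypothetical helper): reads RPM changelog text on stdin and
# prints, one per line, every CVE from FIXED_CVES that the text never mentions.
missing_cves() {
    changelog=$(cat)
    for cve in $FIXED_CVES; do
        # -F: literal match; -w: whole-word match, so a longer identifier
        # that merely starts with the same digits is not counted.
        printf '%s\n' "$changelog" | grep -qwF -- "$cve" || printf '%s\n' "$cve"
    done
}

# check_installed_openssl (hypothetical helper): run on the real host.
# Returns 0 only when all five fixes are recorded in the installed package.
check_installed_openssl() {
    missing=$(rpm -q --changelog openssl | missing_cves)
    [ -z "$missing" ] && return 0
    printf 'openssl changelog lacks: %s\n' $missing >&2
    return 1
}

# Constructed sample: changelog text of a package without this update.
SAMPLE_UNPATCHED='- Fix out-of-bounds read (CVE-2017-3735)'

# Constructed sample: changelog text carrying the entries from this page.
SAMPLE_PATCHED='- Fix handling ASN.1 string as NULL terminated (CVE-2021-3712)
- Fix excessively large primes in DH key generation (CVE-2018-0732)
- Fix RSA key generation cache timing vulnerability (CVE-2018-0737)
- Fix stack overflow parsing recursive ASN.1 structure (CVE-2018-0739)
- Fix out-of-bounds read (CVE-2017-3735)'

echo "Unpatched sample is missing:"
printf '%s\n' "$SAMPLE_UNPATCHED" | missing_cves
echo "Patched sample is missing:"
printf '%s\n' "$SAMPLE_PATCHED" | missing_cves
```

On a host still waiting for its rollout slot, `check_installed_openssl` returns non-zero and names the identifiers that are not yet recorded.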

 
