March 4, 2021 - TuxCare expert team
A flaw in the OpenSSL API function X509_issuer_and_serial_hash() has been disclosed that may cause applications using it to crash, resulting in a potential denial of service (DoS) for their users.
The flaw lies in the way a hash is calculated from the Issuer and Serial Number fields of an X509 certificate: malformed input can make OpenSSL fail and return a NULL value, which in turn can crash the application calling the function.
The trigger is a maliciously crafted X509 certificate whose Issuer and Serial Number fields are specially constructed to cause this behavior.
Note that OpenSSL itself never calls this function; only third-party applications that use it are at risk.
You can find the CVE submission here:
It affects multiple applications, such as Tenable.sc 5.13.0 to 5.17.0, NetApp 5, and others.
The affected versions are OpenSSL 1.1.1i and below. If you are using any version in the 1.1.1 to 1.1.1i range, you should upgrade to 1.1.1j.
OpenSSL 1.0.2 is no longer supported by the OpenSSL team, but our Extended Lifecycle Support team has prepared an updated OpenSSL 1.0.2 package for deployment by our users, so if your application relies on it, it will be safe.
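Before patching, an administrator usually needs to know which hosts actually run an affected build. The script below is an added example, not TuxCare's or OpenSSL's code: it parses the version banner that OpenSSL reports (the same string Python exposes as `ssl.OPENSSL_VERSION`, or the output of `openssl version`) and classifies it against the ranges stated above. The sample banner strings are constructed for illustration; the "upstream-eol" label for the 1.0.2 and older series reflects that those branches need a vendor-supplied backport rather than an upstream upgrade.

```python
import re
import ssl

# OpenSSL 1.x versions carry a letter suffix (1.1.1i < 1.1.1j); 3.x does not.
_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

FIXED_1_1_1 = (1, 1, 1, 10)  # 1.1.1j: 'j' is the 10th letter


def parse_openssl_version(banner):
    """Turn 'OpenSSL 1.1.1i  8 Dec 2020' into (1, 1, 1, 9).

    The letter suffix is mapped to its position in the alphabet
    (no suffix -> 0), which makes plain tuple comparison order
    releases correctly within a series. Returns None for banners
    that are not OpenSSL (e.g. LibreSSL).
    """
    m = _BANNER.search(banner)
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    letter = ord(suffix[-1]) - ord("a") + 1 if suffix else 0
    return (int(major), int(minor), int(patch), letter)


def classify(banner):
    """Classify a version banner for the X509_issuer_and_serial_hash() issue.

    'affected'     : 1.1.1 up to and including 1.1.1i -> upgrade to 1.1.1j
    'fixed'        : 1.1.1j or later (including 3.x)
    'upstream-eol' : 1.1.0 and older; no upstream fix, needs a vendor backport
    'unknown'      : not an OpenSSL banner
    """
    version = parse_openssl_version(banner)
    if version is None:
        return "unknown"
    series = version[:3]
    if series < (1, 1, 1):
        return "upstream-eol"
    if version < FIXED_1_1_1:
        return "affected"
    return "fixed"


def check_running_interpreter():
    """Classify the OpenSSL this Python process is linked against."""
    return ssl.OPENSSL_VERSION, classify(ssl.OPENSSL_VERSION)


if __name__ == "__main__":
    # Constructed sample banners, as an inventory tool would collect them.
    samples = [
        "OpenSSL 1.1.1i  8 Dec 2020",
        "OpenSSL 1.1.1j  16 Feb 2021",
        "OpenSSL 1.1.1  11 Sep 2018",
        "OpenSSL 1.0.2u  20 Dec 2019",
        "OpenSSL 3.0.2 15 Mar 2022",
        "LibreSSL 2.8.3",
    ]
    for s in samples:
        print(f"{s:32} -> {classify(s)}")
    banner, verdict = check_running_interpreter()
    print(f"this interpreter: {banner} -> {verdict}")
```

Run it on each host (or feed it the collected `openssl version` output) and act on the "affected" and "upstream-eol" results; the classification only covers the ranges given in this post, so extend `FIXED_1_1_1` handling if you track other branches.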
The Extended Lifecycle Support service helps alleviate the urgency to either upgrade servers or leave them vulnerable to future exploits. The service makes it possible to run a retired operating system on any server for 4 more years past its EOL date. By using an end-of-life extended support system, administrators can protect critical servers from potential vulnerabilities while creating a migration plan for future upgrades.
CloudLinux offers continuing updates and support for end-of-life Linux distributions such as CentOS 6, Oracle Linux 6 and Ubuntu 16.04 LTS. There is no need for any changes to your servers: a single command that adds a new repository file is all that's needed. After the repository is added, CloudLinux continues to provide updates and security patches until June 2024. Learn more about the Extended Lifecycle Support service at https://elsportal.com/