Release Info

Advisory: CLSA-2021:1632262317

OS: CentOS 6 ELS

Public date: 2021-09-21 00:00:00

Project: openssl

Version: 1.0.1e-62.el6.cloudlinux.els

Errata link: https://errata.cloudlinux.com/els6/CLSA-2021-1632262317.html

Changelog

- fix CVE-2021-3712 - handling ASN.1 string as NULL terminated leads to read buffer overrun - Port patches from oracle6els branch, original changelog entry: - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1

Update

Packages list

openssl-static-1.0.1e-62.el6.cloudlinux.els.x86_64.rpm openssl-1.0.1e-62.el6.cloudlinux.els.x86_64.rpm openssl-devel-1.0.1e-62.el6.cloudlinux.els.i686.rpm openssl-perl-1.0.1e-62.el6.cloudlinux.els.x86_64.rpm openssl-1.0.1e-62.el6.cloudlinux.els.i686.rpm openssl-devel-1.0.1e-62.el6.cloudlinux.els.x86_64.rpm

CVEs

CVE-2021-3712
CVE-2018-0737
CVE-2017-3735
CVE-2018-0739
CVE-2018-0732