[CLSA-2021:1632262317] Fixed CVEs in openssl: CVE-2021-3712, CVE-2018-0737, CVE-2018-0739, CVE-2018-0732
Type:
security
Severity:
Important
Release date:
2021-09-21
Description:
- fix CVE-2021-3712 - handling ASN.1 string as NULL terminated leads to read buffer overrun - Port patches from oracle6els branch, original changelog entry: - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1
Updated packages:
  • openssl-static-1.0.1e-62.el6.cloudlinux.els.x86_64.rpm
    sha:8caa5c2dc5d4211d457a7114577840a5510ec79c
  • openssl-1.0.1e-62.el6.cloudlinux.els.x86_64.rpm
    sha:7ba53431233234ec798f93ca6bf307be104fe864
  • openssl-devel-1.0.1e-62.el6.cloudlinux.els.i686.rpm
    sha:bf1039e5de910db523529ac7b9f91afd9a099cf2
  • openssl-perl-1.0.1e-62.el6.cloudlinux.els.x86_64.rpm
    sha:ea51c611cb766445f3f94d2417b360cf50f8533d
  • openssl-1.0.1e-62.el6.cloudlinux.els.i686.rpm
    sha:52cec450cf829a95ecd9e7f8a9ec5f084647517b
  • openssl-devel-1.0.1e-62.el6.cloudlinux.els.x86_64.rpm
    sha:56b3d143621154ebdb1fe8d43f0beb874576e85a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.