[CLSA-2021:1634922881] Fix of CVE: CVE-2018-0732, CVE-2018-0737, CVE-2018-0739, CVE-2021-3712
Type:
security
Severity:
moderate
Release date:
2021-10-22
Description:
- fix CVE-2021-3712 - handling ASN.1 string as NULL terminated leads to read buffer overrun - Port patches from oracle6els branch, original changelog entry: - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1
Updated packages:
  • openssl-1.0.1e-62.el6.cloudlinux.els.i686.rpm
    sha:0cba5e970f17e6cccdaa7df739a5e41d97d969c9
  • openssl-perl-1.0.1e-62.el6.cloudlinux.els.x86_64.rpm
    sha:15f6bd16fe45db7306a5f099881d0f60641b50fb
  • openssl-static-1.0.1e-62.el6.cloudlinux.els.x86_64.rpm
    sha:a811b703a2165a7f8d4674f310ea87ed7dfe1815
  • openssl-devel-1.0.1e-62.el6.cloudlinux.els.i686.rpm
    sha:6df568f38a46786e31d13531a9820d8a0e5f9a80
  • openssl-1.0.1e-62.el6.cloudlinux.els.x86_64.rpm
    sha:3b7a33e183f59e8826502b1c73c68b55e49b84ce
  • openssl-devel-1.0.1e-62.el6.cloudlinux.els.x86_64.rpm
    sha:850b11f0e2fff292f2c03e6dc8db6b7c97003ddc
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.