CloudLinux Blog

cURL package within CentOS 6 Extended Lifecycle Support with a fix for CVE-2020-8284 has been scheduled for gradual rollout

Written by Inessa Atmachian | Dec 9, 2020 2:18:52 PM

 

We are happy to announce that a new curl-7.19.7-55.cloudlinux.els6 package within CentOS 6 Extended Lifecycle Support has been scheduled for gradual rollout from our production repository.

This update contains a fix for CVE-2020-8284 (https://curl.se/docs/CVE-2020-8284.html).

Errata: https://errata.cloudlinux.com/els6/CLSA-2020-1605798462.html

Rollout slot: 1

Rolled out to: 1%

ETA for 100% rollout: December 23

Changelog

curl-7.19.7-55.cloudlinux.els6

  • Trusting FTP PASV responses (CVE-2020-8284)

Update command

yum update 'curl*'

Immediate update (via bypass)

yum update 'curl*' --enablerepo=ELS6-rollout-1-bypass