OpenSSL and cURL packages within CloudLinux 6 Extended Lifecycle Support with a fix for the CVE-2020-1971 and the CVE-2020-8284 have been rolled out to 100%
We are happy to announce that new openssl-1.0.1e-59.cloudlinux.
This update contains a fix for the new CVE-2020-1971 that causes servers’ disruptions via x509v3 certificate fields and a fix for the CVE-2020-8284 (https://curl.se/docs/CVE-
Changelog
openssl-1.0.1e-59.cloudlinux.els6
- EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
curl-7.19.7-55.cloudlinux.els6
- Trusting FTP PASV responses (CVE-2020-8284)
Update command
yum update openssl*
yum update curl*