RSS
Dec 9, 2020 2:25:29 PM
Inessa Atmachian
Inessa Atmachian
Inessa Atmachian, Technical Writer at CloudLinux. Crafting comprehensive product documentation and keeping users informed with release notes and updates.

OpenSSL and cURL packages within CloudLinux 6 Extended Lifecycle Support with a fix for the CVE-2020-1971 and the CVE-2020-8284 have been scheduled for gradual rollout

 

Extended-CL

We are happy to announce that new openssl-1.0.1e-59.cloudlinux.els6 and curl-7.19.7-55.cloudlinux.els6 packages within CloudLinux 6 extended lifecycle support have been scheduled for gradual rollout from our production repository.

This update contains a fix for the new CVE-2020-1971 that causes servers’ disruptions via x509v3 certificate fields and a fix for the CVE-2020-8284 (https://curl.se/docs/CVE-2020-8284.html).

Rollout slot: 2

Rolled out to: 1%

ETA for 100% rollout: December, 23

Changelog

openssl-1.0.1e-59.cloudlinux.els6

  • EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)

curl-7.19.7-55.cloudlinux.els6

  • Trusting FTP PASV responses (CVE-2020-8284)

Update command

yum update openssl*
yum update curl*

Immediate update (via bypass)

yum update openssl* --enablerepo=cloudlinux-rollout-2-bypass
yum update curl* --enablerepo=cloudlinux-rollout-2-bypass

OpenSSL and cURL packages within CloudLinux 6 Extended Lifecycle Support with a fix for the CVE-2020-1971 and the CVE-2020-8284 have been scheduled for gradual rollout

Dec 9, 2020 2:25:29 PM
Inessa Atmachian

 

Extended-CL

We are happy to announce that new openssl-1.0.1e-59.cloudlinux.els6 and curl-7.19.7-55.cloudlinux.els6 packages within CloudLinux 6 extended lifecycle support have been scheduled for gradual rollout from our production repository.

This update contains a fix for the new CVE-2020-1971 that causes servers’ disruptions via x509v3 certificate fields and a fix for the CVE-2020-8284 (https://curl.se/docs/CVE-2020-8284.html).

Rollout slot: 2

Rolled out to: 1%

ETA for 100% rollout: December, 23

Changelog

openssl-1.0.1e-59.cloudlinux.els6

  • EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)

curl-7.19.7-55.cloudlinux.els6

  • Trusting FTP PASV responses (CVE-2020-8284)

Update command

yum update openssl*
yum update curl*

Immediate update (via bypass)

yum update openssl* --enablerepo=cloudlinux-rollout-2-bypass
yum update curl* --enablerepo=cloudlinux-rollout-2-bypass
imunify-logo

WEB SERVER SECURITY BLOG

READ MORE ABOUT WEB SERVER SECURITY

Subscribe to CloudLinux Newsletter

aicpa soc
pci-dss
eu gdpr compliant
© All rights reserved. CloudLinux Inc.
Terms of Use | Privacy Policy | Vulnerability Reporting | Legal | Do Not Sell My Personal Data

Call Sales at +1 (800) 231-7307
Email sales@cloudlinux.com