OpenSSL package within CentOS 6 Extended Lifecycle Support with a fix for the CVE-2020-1971 has been scheduled for gradual rollout

We are happy to announce that a new openssl-1.0.1e-59.cloudlinux.els6 package within CentOS 6 extended lifecycle support has been scheduled for gradual rollout from our production repository.

This update contains a fix for the new CVE-2020-1971 that causes servers’ disruptions via x509v3 certificate fields.

Rollout slot: 2

Rolled out to: 1%

ETA for 100% rollout: December, 23

Errata: https://errata.cloudlinux.com/els6/CLSA-2020-1605798462.html

Changelog

openssl-1.0.1e-59.cloudlinux.els6

• EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)

Update command

yum update openssl*

Immediate update (via bypass)

yum update openssl* --enablerepo=ELS6-rollout-2-bypass