An updated OpenSSL package with the fix for CVE-2021-23841 within CentOS 6 Extended Lifecycle Support has been rolled out to 100%
A new OpenSSL package with the fix for CVE-2021-23841 within CentOS 6 Extended Lifecycle Support has been rolled out to 100% and is now available for download from our production repository.
On December 8, 2020, OpenSSL released an advisory and patch for a high-risk null pointer dereference vulnerability found in the encryption library’s GENERAL_NAME_cmp() function. CVE-2020-1971 (the assigned name) is a High-level vulnerability that cannot be ignored. The only higher level is Critical, which happens maybe once in 5 years.