Update: 13 June 2019 – Remember that the OpenSSL project has a budget of less than one million USD per year and depends mainly on donations. With this in mind, it is very important that you keep an eye on OpenSSL news and the OpenSSL Newslog, and be sure to upgrade whenever there's a new release.
A new set of security updates for OpenSSL was released this morning to address various security vulnerabilities, some of which are considered "high" severity. Please update as soon as possible. To update, keep an eye out for Linux distro updates via package managers like yum, apt-get, etc. Control panel updates for cPanel and others will be released in the next few days.
The main bug is a denial-of-service condition that only affects version 1.0. OpenSSL also reclassified the FREAK vulnerability as High. This bug allows an attacker to downgrade the crypto on the server to 512 bits, then intercept encrypted traffic and decrypt it. OpenSSL was notified on October 22 about FREAK, which stands for Factoring Related Attacks on RSA Keys. There are a dozen other vulnerabilities (nine ranked medium and three low) in older versions that were patched today as well.