OpenSSL issued a security advisory on 19th March, 2015.
The advisory lists two high-severity bugs. Cumulus Linux runs OpenSSL 1.0.1e, so some of the vulnerabilities in this alert do not apply, including one of the two high-severity issues, CVE-2015-0291, which is a denial-of-service condition that only affects version 1.0.2 of the crypto library.
The second high-severity issue, CVE-2015-0204, does impact OpenSSL 1.0.1e, and a patch is available. Cumulus Networks recommends you upgrade OpenSSL to version 1.0.1e-2+deb7u15, the Debian version of OpenSSL with the fixes backported from OpenSSL 1.0.1m.
To update OpenSSL, run apt-get on your switches:
There are also 12 other vulnerabilities (9 moderate and 3 low) in various versions of OpenSSL that were patched, listed here in order of severity: