OpenSSL issued a security advisory on 19th March, 2015.
The advisory lists two high severity bugs. Cumulus Linux 2.y.z is based on Debian Wheezy and therefore runs OpenSSL 1.0.1e, so some of the vulnerabilities in this advisory do not apply. These include one of the two high severity issues, CVE-2015-0291, a denial-of-service condition that only affects version 1.0.2 of the crypto library.
The second high severity issue, CVE-2015-0204, does impact OpenSSL 1.0.1e, and a patch is available. Cumulus Networks recommends you upgrade OpenSSL to version 1.0.1e-2+deb7u15, the Debian version of OpenSSL with the fixes backported from OpenSSL 1.0.1m.
To update OpenSSL, run apt-get on your switches:
There are 12 other vulnerabilities (9 moderate and 3 low) in various versions of OpenSSL that were also patched, listed here in order of severity: