OpenSSL MITM CCS injection attack (CVE-2014-0224)

Eric H. Christensen sparks at fedoraproject.org
Thu Jun 5 14:19:37 UTC 2014


Fedora, this morning, released the latest version of OpenSSL which fixes a MITM CCS injection attack (CVE-2014-0224).  This vulnerability made a man-in-the-middle attack possible when both sides were using a vulnerable OpenSSL implementation.  It is highly recommended that all users update their openssl packages (sudo yum update openssl) and verify that they have the openssl-1.0.1e-38 RPM installed.  A restart of any service that is using OpenSSL is required for this fix to become active.

Additional information can be found on the Red Hat Security Blog[0] or the errata[1][2].

[0] https://securityblog.redhat.com/2014/06/05/openssl-mitm-ccs-injection-attack-cve-2014-0224/
[1] https://admin.fedoraproject.org/updates/openssl-1.0.1e-38.fc20
[2] https://admin.fedoraproject.org/updates/openssl-1.0.1e-38.fc19

-- Eric

--------------------------------------------------
Eric "Sparks" Christensen
Fedora Project Security Team
Red Hat Product Security

sparks at fedoraproject.org - sparks at redhat.com
097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
--------------------------------------------------
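
The two checks the advisory asks for (fixed RPM installed, services restarted) can be scripted. The following is an added example, not part of the original message or of any Fedora tooling. The function names and the --report argument are hypothetical, only 1.0.1e-N builds are compared, and the restart check assumes a Linux /proc in which a replaced library shows as "(deleted)" in a process's maps.

```shell
#!/bin/sh
# Added example: post-update checks for the openssl fix named in the advisory.

FIXED_RELEASE=38    # from the advisory: openssl-1.0.1e-38

# Return 0 if a "version-release" string (as printed by
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssl) is 1.0.1e-38 or later,
# 1 if it is an older 1.0.1e build, 2 if it is not a 1.0.1e-N string at all.
is_fixed_build() {
    case $1 in
        1.0.1e-*) ;;
        *) return 2 ;;
    esac
    rel=${1#1.0.1e-}    # e.g. "38.fc20"
    rel=${rel%%.*}      # e.g. "38"
    case $rel in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$rel" -ge "$FIXED_RELEASE" ]
}

# Read /proc/<pid>/maps content on stdin; return 0 if the process still maps
# a libssl/libcrypto file that has since been replaced on disk.
# Constructed sample of a matching line:
#   7f00a000-7f06b000 r-xp 00000000 fd:01 1234 /usr/lib64/libssl.so.1.0.1e (deleted)
maps_has_stale_openssl() {
    grep -Eq 'lib(ssl|crypto)\.so[^ ]* \(deleted\)$'
}

# Print the installed build status and every process that needs a restart.
report() {
    vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssl 2>/dev/null | head -n 1)
    if is_fixed_build "$vr"; then
        echo "openssl $vr: fixed build installed"
    else
        echo "openssl ${vr:-not found}: update required or build not recognised"
    fi
    for maps in /proc/[0-9]*/maps; do
        if maps_has_stale_openssl 2>/dev/null < "$maps"; then
            pid=${maps#/proc/}; pid=${pid%/maps}
            echo "restart needed: pid $pid ($(cat "/proc/$pid/comm" 2>/dev/null))"
        fi
    done
}

if [ "${1:-}" = "--report" ]; then report; fi
```

Run it as root with --report so that the maps of every process are readable; an unprivileged run only sees the caller's own processes.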

