Thursday, June 5, 2014

OpenSSL MITM CCS injection attack (CVE-2014-0224)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Fedora, this morning, released the latest version of OpenSSL which fixes a MITM CCS injection attack (CVE-2014-0224). This vulnerability made a man-in-the-middle attack possible when both sides were using a vulnerable OpenSSL implementation. It is highly recommended that all users update their openssl packages (sudo yum update openssl) and verify that they have the openssl-1.0.1e-38 RPM installed. A restart of any service that is using OpenSSL is required for this fix to become active.

Additional information can be found on the Red Hat Security Blog[0] or the errata[1][2].

[0] https://securityblog.redhat.com/2014/06/05/openssl-mitm-ccs-injection-attack-cve-2014-0224/
[1] https://admin.fedoraproject.org/updates/openssl-1.0.1e-38.fc20
[2] https://admin.fedoraproject.org/updates/openssl-1.0.1e-38.fc19

- -- Eric

- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project Security Team
Red Hat Product Security

sparks@fedoraproject.org - sparks@redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQGcBAEBCgAGBQJTkHx1AAoJEB/kgVGp2CYv8NEL/jj6Z4gmgKUM6f/Gva7HO/jX
S/rGKWwAoErsjj+Te5pw0Y5uajHnVnsL5BschH9oRSWrJdrc2IInZJpdec2/rGwr
37OmIl64aRYZhamTJE+JE+bAt74TxLlBmk7BHxEyAEp8+aMaXbgML2wrB5/BBJ+d
AuS7F/IlG0BDHyQ4i9FQfEEmt98KP9TGGphHx6pNKyQ7uxf/BVjk8su2YwQ7cvKq
eJBARdcK5YX+qu6cf1PFasEWie4DWZSvHo0YznG1zlYQkOnn4gPyLnRqLV32CFC2
WbXljyieyWD2AaU/5BYaHQ/HXCU08tU93RQyUTGyLTqIvV0Ikcwjxy0KKB/4MUuH
TP2iuh5p5ZinAi1zEcUNV8R35KVukTNGUZz+h4pCXL2ylJt6bJZIPyq+lZ+keORZ
I/ea+IsoFlzzzPVvD8nuSwsSCtM04R4I0nFNuwFLFqVT5vJYfiMgmDqJbJM1wM4G
VefBRhbqy8yJnc+XF+zmKY5S626HFEjyAtRW4OfnMw==
=5st6
-----END PGP SIGNATURE-----
--
announce mailing list
announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce

No comments:

Post a Comment