-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Fedora, this morning, released the latest version of OpenSSL which fixes a MITM CCS injection attack (CVE-2014-0224). This vulnerability made a man-in-the-middle attack possible when both sides were using a vulnerable OpenSSL implementation. It is highly recommended that all users update their openssl packages (sudo yum update openssl) and verify that they have the openssl-1.0.1e-38 RPM installed. A restart of any service that is using OpenSSL is required for this fix to become active. Additional information can be found on the Red Hat Security Blog[0] or the errata[1][2]. [0] https://securityblog.redhat.com/2014/06/05/openssl-mitm-ccs-injection-attack-cve-2014-0224/ [1] https://admin.fedoraproject.org/updates/openssl-1.0.1e-38.fc20 [2] https://admin.fedoraproject.org/updates/openssl-1.0.1e-38.fc19 - -- Eric - -------------------------------------------------- Eric "Sparks" Christensen Fedora Project Security Team Red Hat Product Security sparks@xxxxxxxxxxxxxxxxx - sparks@xxxxxxxxxx 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1 - -------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCgAGBQJTkHx1AAoJEB/kgVGp2CYv8NEL/jj6Z4gmgKUM6f/Gva7HO/jX S/rGKWwAoErsjj+Te5pw0Y5uajHnVnsL5BschH9oRSWrJdrc2IInZJpdec2/rGwr 37OmIl64aRYZhamTJE+JE+bAt74TxLlBmk7BHxEyAEp8+aMaXbgML2wrB5/BBJ+d AuS7F/IlG0BDHyQ4i9FQfEEmt98KP9TGGphHx6pNKyQ7uxf/BVjk8su2YwQ7cvKq eJBARdcK5YX+qu6cf1PFasEWie4DWZSvHo0YznG1zlYQkOnn4gPyLnRqLV32CFC2 WbXljyieyWD2AaU/5BYaHQ/HXCU08tU93RQyUTGyLTqIvV0Ikcwjxy0KKB/4MUuH TP2iuh5p5ZinAi1zEcUNV8R35KVukTNGUZz+h4pCXL2ylJt6bJZIPyq+lZ+keORZ I/ea+IsoFlzzzPVvD8nuSwsSCtM04R4I0nFNuwFLFqVT5vJYfiMgmDqJbJM1wM4G VefBRhbqy8yJnc+XF+zmKY5S626HFEjyAtRW4OfnMw== =5st6 -----END PGP SIGNATURE----- -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
