OpenSSL CCS Injection Security Alert (CVE-2014-0224)
Red Hat has released a new security advisory and tooling to help protect customers from OpenSSL's CCS Injection vulnerability (CVE-2014-0224). The vulnerability poses a threat for potential man-in-the-middle-attacks in certain situations. Variants of the following products can be affected:
- Red Hat Enterprise Linux
- Red Hat Storage
- Red Hat Enterprise Virtualization
- Red Hat JBoss Enterprise Application Platform
- Red Hat JBoss Web Server
- Red Hat JBoss Web Platform
In order to avoid impact, you should update to the newest version of OpenSSL available for their product. For additional details, see Information on CVE-2014-0224.
Red Hat Access Labs has released the CCS Injection Detector to help you validate your systems have been patched against this vulnerability.