OpenSSL CCS Injection Vulnerability (CVE-2014-0224) Alert

Latest response

See the details and frequently asked quesetions on this at this link https://access.redhat.com/site/articles/904433

This is different than 'heartbleed'.

Here is the info from openssl.org, - https://www.openssl.org/news/secadv_20140605.txt

At lwn.net, it says: "For the curious, Masashi Kikuchi, the discoverer of the MITM vulnerability, has posted the story of how it was found http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html".

An OpenSSL CCS Injection Detector (from redhat.com).
A perl version of the above to download, the offline detection tool (from redhat.com, see their note on false positives).

The Red Hat Enterprise Linux CVE response https://access.redhat.com/security/cve/CVE-2014-0224, and the bugzilla on this.

Here are the resolution instructions for Red Hat Enterprise Linux at solution id 905793.

R. Hinton's picture
Log in to join the conversation

Responses

David Powles's picture Red Hat 25369 points
6 June 2014 5:16 AM

Great summary of available resources on this CVE, Remmele, much appreciated.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.