OpenSSL Vulnerability - CVE-2014-0224

Good afternoon

We have been using a scanning tool (Nessus Vulnerability Scanner) to identify security vulnerabilities. It has identified two systems which were being flagged with respect to CVE-2014-0224: OpenSSL 'ChangeCipherSpec' MiTM Vulnerability' and, after the most recent errata was applied, one of the two servers is no longer being flagged with this vulnerability.

Both systems have the same version of OpenSSL (0.9.8e-27). Not sure why one of them is still being flagged and the other is not. According to the openssl.org site, 0.9.8za is the version that remediates this and they indicate that 0.9.8e is affected.

At this point, I'm unsure how to proceed and how to remediate this issue on the remaining server.

Any ideas? Thanks!!