- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 4 (ELS)
The vulnerability affects systems acting as servers that offer OpenSSL connections, and clients connecting to vulnerable servers.
To avoid exploitation of CVE-2014-0224, ensure that your system is updated to at least the following versions of OpenSSL:
- Red Hat Enterprise Linux 7 - openssl-1.0.1e-34.el7_0.3
- Red Hat Enterprise Linux 6 - openssl-1.0.1e-16.el6_5.14
- Red Hat Enterprise Linux 5 - openssl-0.9.8e-27.el5_10.3
- Red Hat Enterprise Linux 7 - openssl098e-0.9.8e-29.el7_0.2
- Red Hat Enterprise Linux 5 - openssl097a-0.9.7a-12.el5_10.1
- Red Hat Enterprise Linux 6 - openssl098e-0.9.8e-18.el6_5.2
- Red Hat Enterprise Linux 4 Extended Lifecycle Support - openssl-0.9.7a-43.22.el4
- Red Hat Enterprise Linux 5.6 Long Life - openssl-0.9.8e-12.el5_6.12
- Red Hat Enterprise Linux 5.9 Extended Update Support - openssl-0.9.8e-26.el5_9.4
- Red Hat Enterprise Linux 6.2 Advanced Update Support - openssl-1.0.0-20.el6_2.7
- Red Hat Enterprise Linux 6.3 Extended Update Support - openssl-1.0.0-25.el6_3.3
- Red Hat Enterprise Linux 6.4 Extended Update Support - openssl-1.0.0-27.el6_4.4
To update to the most recent version of the OpenSSL package, run the following command:
# yum update openssl
- Specify the full package name to update to a particular version of OpenSSL. For example, on a Red Hat Enterprise Linux 6.5 system, run:
# yum update openssl098e-0.9.8e-18.el6_5.2
- The only way to fix the issue is to install the updated OpenSSL packages and restart the affected services.
The safest and simplest way to do this is to reboot the system.
If the system cannot be rebooted, carry out the following operation.
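A running service keeps the pre-update libssl/libcrypto mapped until it is restarted, and because the RPM upgrade unlinks the old shared objects, the kernel marks those mappings "(deleted)" in /proc/<pid>/maps. The following script, added here as an illustration and not a Red Hat tool, walks the maps of every readable process and reports the ones that still use a deleted OpenSSL library; the SAMPLE_MAPS dictionary is constructed data for offline runs, and the library paths and PIDs in it are made up.

```python
"""Find processes still mapping a pre-update libssl/libcrypto after `yum update openssl`.

Constructed example for this article (not a Red Hat tool): a mapping of an OpenSSL
shared object that ends in '(deleted)' means the process loaded the old library and
has not been restarted since the update.
"""
import os
import re
from typing import Dict, Set

# Pathname column of a maps line for an unlinked OpenSSL shared object, e.g.
# '/usr/lib64/libssl.so.1.0.1e (deleted)' (RHEL 5 uses /lib64/libssl.so.6).
_STALE = re.compile(r'(\S*/lib(?:ssl|crypto)\.so\S*)\s+\(deleted\)\s*$')


def stale_openssl_maps(maps_by_pid: Dict[int, str]) -> Dict[int, Set[str]]:
    """Return {pid: {library paths}} for processes mapping a deleted libssl/libcrypto."""
    stale: Dict[int, Set[str]] = {}
    for pid, text in maps_by_pid.items():
        for line in text.splitlines():
            m = _STALE.search(line)
            if m:
                stale.setdefault(pid, set()).add(m.group(1))
    return stale


def read_proc_maps() -> Dict[int, str]:
    """Collect /proc/<pid>/maps for every readable process (run as root to see all)."""
    maps: Dict[int, str] = {}
    for entry in os.listdir('/proc'):
        if entry.isdigit():
            try:
                with open(f'/proc/{entry}/maps') as fh:
                    maps[int(entry)] = fh.read()
            except OSError:  # process exited, or not ours to inspect
                pass
    return maps


# Constructed sample (not real system data): pid 1234 still maps the old libssl and
# libcrypto, pid 5678 was started after the update and maps the live files.
SAMPLE_MAPS = {
    1234: (
        "7f3a1c000000-7f3a1c063000 r-xp 00000000 fd:01 131189 /usr/lib64/libssl.so.1.0.1e (deleted)\n"
        "7f3a1c263000-7f3a1c26e000 rw-p 00063000 fd:01 131189 /usr/lib64/libssl.so.1.0.1e (deleted)\n"
        "7f3a1c400000-7f3a1c5a0000 r-xp 00000000 fd:01 131190 /usr/lib64/libcrypto.so.1.0.1e (deleted)\n"
    ),
    5678: (
        "7f9b2a000000-7f9b2a063000 r-xp 00000000 fd:01 131300 /usr/lib64/libssl.so.1.0.1e\n"
        "7f9b2a063000-7f9b2a064000 rw-p 00000000 00:00 0 [heap]\n"
    ),
}

if __name__ == "__main__":
    # Swap SAMPLE_MAPS for read_proc_maps() to check the live system.
    for pid, libs in sorted(stale_openssl_maps(SAMPLE_MAPS).items()):
        print(f"pid {pid} still uses: {', '.join(sorted(libs))}")
```

Each PID it prints belongs to a service that must be restarted (or the host rebooted) before the update takes effect for that process; `lsof` reports the same mappings with a `DEL` type, so either view can be used to confirm that nothing is left after the restarts.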
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.
For more information about this vulnerability, refer to the following article:
OpenSSL CCS Injection Vulnerability (CVE-2014-0224) Alert
- To determine if a system is affected by this vulnerability, review the version of OpenSSL:
# rpm -qa openssl
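Comparing the output of `rpm -qa` against the table above by eye is error-prone, because RPM release strings such as 16.el6_5.7 and 16.el6_5.14 do not sort as plain text. The script below is an added example, not a Red Hat tool: it carries the fixed builds listed in this article, ports rpm's own `rpmvercmp()` segment-by-segment comparison, and classifies each line of `rpm -qa 'openssl*'` output as fixed, vulnerable or unknown. It assumes `rpm -qa` output in the default NAME-VERSION-RELEASE.ARCH form (epochs are not printed by default and are ignored here), and it assumes that a release tag without a minor number (for example el6) belongs to the newest minor this article lists for that major; the SAMPLE_RPM_QA lines are constructed, not real system data.

```python
"""Check `rpm -qa 'openssl*'` output against the fixed builds for CVE-2014-0224.

Constructed example for this article, not a Red Hat tool. Ports rpm's rpmvercmp()
so Z-stream releases compare correctly (string order would call .7 newer than .14).
"""
import re
from typing import Dict, List, Optional, Tuple

# Fixed builds listed in this article, keyed by (package name, dist tag).
FIXED: Dict[Tuple[str, str], Tuple[str, str]] = {
    ("openssl", "el7_0"): ("1.0.1e", "34.el7_0.3"),
    ("openssl", "el6_5"): ("1.0.1e", "16.el6_5.14"),
    ("openssl", "el5_10"): ("0.9.8e", "27.el5_10.3"),
    ("openssl098e", "el7_0"): ("0.9.8e", "29.el7_0.2"),
    ("openssl097a", "el5_10"): ("0.9.7a", "12.el5_10.1"),
    ("openssl098e", "el6_5"): ("0.9.8e", "18.el6_5.2"),
    ("openssl", "el4"): ("0.9.7a", "43.22.el4"),
    ("openssl", "el5_6"): ("0.9.8e", "12.el5_6.12"),
    ("openssl", "el5_9"): ("0.9.8e", "26.el5_9.4"),
    ("openssl", "el6_2"): ("1.0.0", "20.el6_2.7"),
    ("openssl", "el6_3"): ("1.0.0", "25.el6_3.3"),
    ("openssl", "el6_4"): ("1.0.0", "27.el6_4.4"),
}

_SEP = re.compile(r'[^A-Za-z0-9~]+')
_DIGITS = re.compile(r'[0-9]+')
_ALPHA = re.compile(r'[A-Za-z]+')
_DIST = re.compile(r'el\d+(?:_\d+)?')


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 as `a` is older than, equal to or newer than `b` (rpm semantics)."""
    if a == b:
        return 0
    i = j = 0
    while True:
        # Separators (anything but alnum and '~') carry no ordering information.
        m = _SEP.match(a, i); i = m.end() if m else i
        m = _SEP.match(b, j); j = m.end() if m else j
        # '~' (pre-release marker) sorts before everything, even the end of the string.
        ta = i < len(a) and a[i] == '~'
        tb = j < len(b) and b[j] == '~'
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i += 1; j += 1
            continue
        if i >= len(a) or j >= len(b):
            break
        numeric = a[i].isdigit()
        pat = _DIGITS if numeric else _ALPHA
        ma, mb = pat.match(a, i), pat.match(b, j)
        if mb is None:
            return 1 if numeric else -1   # numeric segment beats an alpha segment
        sa, sb = ma.group(), mb.group()
        i, j = ma.end(), mb.end()
        if numeric:
            sa, sb = sa.lstrip('0'), sb.lstrip('0')
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1   # whichever string has segments left is newer


def parse_nvra(line: str) -> Tuple[str, str, str, str]:
    """Split 'openssl-1.0.1e-16.el6_5.7.x86_64' into (name, version, release, arch)."""
    nvr, _, arch = line.strip().rpartition('.')
    nv, _, release = nvr.rpartition('-')
    name, _, version = nv.rpartition('-')
    return name, version, release, arch


def fixed_build_for(name: str, release: str) -> Optional[Tuple[str, str]]:
    """Fixed (version, release) for this package's product stream, or None if not listed."""
    m = _DIST.search(release)
    if not m:
        return None
    dist = m.group()
    if (name, dist) in FIXED:
        return FIXED[(name, dist)]
    # Assumption: a tag without a minor ('el6') belongs to the newest minor listed for that major.
    cands = [d for (n, d) in FIXED if n == name and d.split('_')[0] == dist]
    if not cands:
        return None
    newest = max(cands, key=lambda d: int(d.split('_')[1]) if '_' in d else -1)
    return FIXED[(name, newest)]


def check_rpm_qa(output: str) -> List[Tuple[str, str]]:
    """Classify each `rpm -qa` line as 'fixed', 'vulnerable' or 'unknown'."""
    results = []
    for line in filter(None, (l.strip() for l in output.splitlines())):
        name, version, release, _arch = parse_nvra(line)
        fixed = fixed_build_for(name, release)
        if fixed is None:
            results.append((line, "unknown"))
            continue
        c = rpmvercmp(version, fixed[0]) or rpmvercmp(release, fixed[1])
        results.append((line, "fixed" if c >= 0 else "vulnerable"))
    return results


# Constructed sample of `rpm -qa 'openssl*'` on a RHEL 6.5 host (not real system data).
SAMPLE_RPM_QA = """\
openssl-1.0.1e-16.el6_5.7.x86_64
openssl-1.0.1e-16.el6_5.7.i686
openssl098e-0.9.8e-18.el6_5.2.x86_64
"""

if __name__ == "__main__":
    for pkg, status in check_rpm_qa(SAMPLE_RPM_QA):
        print(f"{status:<10} {pkg}")
```

In the sample, both openssl multilib packages are reported vulnerable (16.el6_5.7 is older than the fixed 16.el6_5.14) while openssl098e is already at the fixed build; pipe the real `rpm -qa 'openssl*'` output into `check_rpm_qa()` to get the same verdict for a live host. A result of "fixed" only means the package is installed; services still have to be restarted as described above.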
Additionally, Red Hat Access Labs has released the CCS Injection Detector to help validate whether your systems have been patched against this vulnerability.
Note: This vulnerability cannot be used to extract server or client side key material. This means that existing signed certificates do not need replacement once software is updated.