When it rains, it pours... Begin forwarded message:
> From: "Red Hat" <em...@engage.redhat.com> > Subject: [Technical Security Alert] OpenSSL CCS Injection Security > Vulnerability > Date: June 5, 2014 at 11:52:45 AM MDT > To: an...@linizen.com > Reply-To: "Red Hat" <customerserv...@redhat.com> > > View in a Web Browser > > OPENSSL CCS INJECTION SECURITY VULNERABILITY > > > > Red Hat was recently notified of a vulnerability affecting all versions of > OpenSSL shipped with certain Red Hat products. The CCS Injection > vulnerability (CVE-2014-0224) could allow for a man-in-the-middle attack > against an encrypted connection, making it possible for an attacker to > intercept an encrypted data stream and allowing them to decrypt, view and > then manipulate this data. > > The vulnerability can only be exploited if both server and client are > vulnerable to this issue. In the event that only one of the two is > vulnerable, there is no risk of exploitation. > > This vulnerability cannot be used to extract server or client side key > material. This means that existing signed certificates do not need > replacement once software is updated. > > To ensure they are not vulnerable to this issue, users running any previous > version of OpenSSL should update to the most recent version. > > Red Hat Access Labs has released the CCS Injection Detector to help validate > if customer servers have been patched against this vulnerability. > > For links to product-specific advisories for affected Red Hat products > including patches, please visit this Knowledge Article in the Red Hat > Customer Portal. > > If you have further questions or concerns please contact Red Hat Technical > Support. > > . > > If you have trouble logging into the Red Hat Customer Portal, login > assistance can help. If you have any questions or concerns about your Red Hat > subscription, you can always contact us. > GET CONNECTED WITH RED HAT SUPPORT > Contact our Sales Team Read our Privacy Policy > > "Red Hat" and the "Shadowman" logo are trademarks or registered trademarks of > Red Hat, Inc. Linux is a registered trademark of Linus Torvalds. > > © 2013 Red Hat, Inc. All rights reserved. > 100 E Davie Street > Raleigh, NC 27601 > > Unsubscribe from all Red Hat email > >
_______________________________________________ clug-talk mailing list clug-talk@clug.ca http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
