Appliance update: OpenSSL MITM
Posted: Tue Jun 10, 2014 2:07 pm
This openssl update fixes multiple vulnerabilities. Most notably CVE-2014-0224 which allows MITM (Man-In-The-Middle) attacks. Affected appliances currently running 0.9.8 or 1.0 are vulnerable and should be updated to either 0.9.8e-27.el5_10.3 or 1.0.1e-16.el6_5.14 as will be displayed under "Update Software" or "Check for Updates" on older systems.
Those upgrading to 1.0.1e-16.el6_5.14 will also need to update "make" at the same time.
Those upgrading to 0.9.8e-27.el5_10.3 on non-VM systems must update both 64 bit and 32 bit versions at the same time.
All fixed vulnerabilities are listed under "View Details" on the software update page of the appliance.
Those upgrading to 1.0.1e-16.el6_5.14 will also need to update "make" at the same time.
Those upgrading to 0.9.8e-27.el5_10.3 on non-VM systems must update both 64 bit and 32 bit versions at the same time.
All fixed vulnerabilities are listed under "View Details" on the software update page of the appliance.