OpenSSL Important Update
This week, experts have discovered a security flaw in the OpenSSL encryption software. It can be exploited in a man-in-the-middle (MITM) attack, in which the attacker decrypts and modifies the traffic between the attacked client and server.
The attack can only be performed between a vulnerable client and server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
As usual with distribution packages, the upstream version string stays the same and only the package release number increments (the fix is backported), so after a successful upgrade on CentOS 6 do not look for 1.0.1h or 0.9.8za but for 1.0.1e-16.el6_5.14 and 0.9.8e-18.el6_5.2.
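As an added example (not part of the original advisory), a small POSIX shell check that compares the installed CentOS 6 package release against the patched backport releases named above. It assumes GNU coreutils `sort -V` (shipped with CentOS 6) and that the 0.9.8 compatibility package is named openssl098e; both are assumptions, not statements from the advisory.

```shell
#!/bin/sh
# Added example, not from the original advisory: verify that the CentOS 6
# OpenSSL packages are at or above the patched backport releases named above.
# Assumes GNU coreutils `sort -V` (shipped with CentOS 6) and that the 0.9.8
# compatibility package is named openssl098e (assumption, not from the page).

FIXED_101="1.0.1e-16.el6_5.14"   # fixed release of openssl (1.0.1 branch)
FIXED_098="0.9.8e-18.el6_5.2"    # fixed release of openssl098e (0.9.8 branch)

# Reduce an `rpm -q` line such as "openssl-1.0.1e-15.el6_5.1.x86_64" to its
# version-release "1.0.1e-15.el6_5.1" by dropping the name and architecture.
pkg_vr() {
  printf '%s\n' "$1" | sed -e 's/^[^-]*-//' -e 's/\.x86_64$//' -e 's/\.i686$//'
}

# Return 0 when the installed version-release is >= the fixed one. The pair is
# version-sorted; if the fixed release sorts first (or both are equal) the host
# is patched. Version sort compares digit runs numerically, so 5.14 > 5.2.
is_patched() {
  installed=$(pkg_vr "$1")
  fixed=$2
  [ "$installed" = "$fixed" ] && return 0
  first=$(printf '%s\n%s\n' "$installed" "$fixed" | sort -V | head -n 1)
  [ "$first" = "$fixed" ]
}

# Report every installed build of one package (multilib hosts carry two).
check_pkg() {
  name=$1; fixed=$2
  rpm -q "$name" 2>/dev/null | while read -r pkg; do
    case $pkg in
      *"is not installed"*) continue ;;
    esac
    if is_patched "$pkg" "$fixed"; then
      echo "OK       $pkg"
    else
      echo "UPGRADE  $pkg (need >= $name-$fixed)"
    fi
  done
}

# Check both the 1.0.1 package and the 0.9.8 compatibility package.
check_host() {
  check_pkg openssl     "$FIXED_101"
  check_pkg openssl098e "$FIXED_098"
}
```

Source the file and call `check_host` on the CentOS 6 host; each installed build is reported as OK or UPGRADE.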