On June 5th, the OpenSSL project announced CVE-2014-0224, a vulnerability that enabled man-in-the-middle (MITM) attacks and potentially allowed for the decryption and modification of data communicated between client and server. A quick audit was run by the DOSarrest team, and a subsequent set of upgrades to OpenSSL 1.0.0m was implemented without any disruption.
For further details on this latest OpenSSL flaw, you can visit this site. It is highly recommended to upgrade if your version of OpenSSL falls within one of the following branches:
OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
Jag Bains
CTO, DOSarrest Internet Security
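For an audit like the one described above, the following added example (not part of the original post and not DOSarrest's tooling) checks `openssl version` banners against the three fixed releases listed. The function names and the sample banners are assumptions made for illustration.

```python
import re

# Fixed release per affected branch, taken from the upgrade list in the post.
FIXED = {"0.9.8": "za", "1.0.0": "m", "1.0.1": "h"}

# Matches the banner printed by `openssl version`,
# e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013".
BANNER = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)")


def patch_rank(letters):
    """Sort key for patch suffixes: '' < 'a' < ... < 'z' < 'za' < 'zb'."""
    return (len(letters), letters)


def assess(banner):
    """Return (status, target); status is upgrade, ok, not-listed or unparsed."""
    match = BANNER.search(banner)
    if match is None:
        return ("unparsed", None)
    branch, letters = match.groups()
    fixed = FIXED.get(branch)
    if fixed is None:
        return ("not-listed", None)  # branch is not covered by the post
    status = "ok" if patch_rank(letters) >= patch_rank(fixed) else "upgrade"
    return (status, branch + fixed)


# Constructed sample banners, not collected from any real host.
SAMPLES = [
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "OpenSSL 0.9.8y 5 Feb 2013",
    "OpenSSL 1.0.0m 5 Jun 2014",
    "OpenSSL 0.9.8zb 6 Aug 2014",
]

if __name__ == "__main__":
    for line in SAMPLES:
        status, target = assess(line)
        print(f"{line!r}: {status} (fixed release: {target})")
```

Distribution packages often backport security fixes without changing the version letter, so an "upgrade" result is a prompt to check the vendor's package changelog rather than proof of exposure.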