Updated OpenSSL packages for Fedora 19 and Fedora 20 that address several issues, including CVE-2014-0224, are now available in Fedora. The packages that contain the fixes for these issues are:
- openssl-1.0.1e-38.fc19 (Fedora 19)
- openssl-1.0.1e-38.fc20 (Fedora 20)
From the Red Hat Security Blog:
Among the recent issues fixed by the OpenSSL project in version 1.0.1h, the main one that will have everyone talking is the “Man-in-the-middle” (MITM) attack, documented by CVE-2014-0224, affecting the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols.
This vulnerability potentially affects encryption between services that both use a vulnerable version of OpenSSL.
Additional information can be found on the Red Hat Security Blog and questions can be routed to the Fedora Security list.
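To confirm that a host has picked up one of the fixed builds listed above, the following added example (not part of the original announcement) classifies an `openssl` package string against the `1.0.1e-38` release for `fc19` and `fc20`. The function names and sample strings are constructed for illustration; anything other than a Fedora 19/20 `1.0.1e` build is reported as `unknown` rather than guessed at.

```shell
#!/bin/sh
# Added example. Fixed builds named in the announcement:
#   openssl-1.0.1e-38.fc19 and openssl-1.0.1e-38.fc20
FIXED_VERSION="1.0.1e"
FIXED_RELEASE=38

# openssl_fix_status NAME-VERSION-RELEASE[.ARCH]
# Prints "fixed", "outdated" or "unknown" (hypothetical helper).
openssl_fix_status() {
    nvr=$1
    case $nvr in
        openssl-*-*) ;;
        *) echo unknown; return 0 ;;
    esac
    rest=${nvr#openssl-}        # e.g. 1.0.1e-38.fc20
    version=${rest%%-*}         # e.g. 1.0.1e ("libs" for openssl-libs)
    release=${rest#*-}          # e.g. 38.fc20 or 37.fc20.1
    relnum=${release%%.*}       # leading release number
    dist=${release#*.}          # drop the release number ...
    dist=${dist%%.*}            # ... and any minor bump or arch suffix

    # Only the builds the announcement covers can be judged here.
    [ "$version" = "$FIXED_VERSION" ] || { echo unknown; return 0; }
    case $dist in
        fc19|fc20) ;;
        *) echo unknown; return 0 ;;
    esac
    case $relnum in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac

    if [ "$relnum" -ge "$FIXED_RELEASE" ]; then echo fixed; else echo outdated; fi
}

# Classify the openssl package installed on this host, if rpm is present.
installed_openssl_status() {
    command -v rpm >/dev/null 2>&1 || { echo unknown; return 0; }
    nvr=$(rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' openssl 2>/dev/null | head -n 1)
    openssl_fix_status "$nvr"
}

# Constructed sample strings, not taken from a real host.
for sample in openssl-1.0.1e-38.fc20 openssl-1.0.1e-37.fc20.1 openssl-1.0.1e-30.fc19; do
    printf '%s: %s\n' "$sample" "$(openssl_fix_status "$sample")"
done
```

Processes that were already running when the package was updated keep the old library loaded until they are restarted.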