7 Jun
2014
7 Jun
'14
4:01 a.m.
Obviously OpenSSL is getting the royal treatment of scrutiny now... these two bugs were fixed this week, and both are potentially very nasty.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 could allow remote arbitrary code execution in a default setup
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 was considered bad enough by the Fedora people to issue a separate warning statement (they almost never do that), though it depends on both sides using OpenSSL, which would be rare-ish in the browser world dominated by FF, Chrome, IE, etc, under normal use cases
Don't forget to restart your httpd (and every other "d" that uses OpenSSL) after updating!