Synopsis:          Important: openssl security update
Advisory ID:       SLSA-2014:0376-1
Issue Date:        2014-04-08
CVE Numbers:       CVE-2014-0160
--

An information disclosure flaw was found in the way OpenSSL handled TLS
and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or
server could send a specially crafted TLS or DTLS Heartbeat packet to
disclose a limited portion of memory per request from a connected client
or server. Note that the disclosed portions of memory could potentially
include sensitive information such as private keys. (CVE-2014-0160)

For the update to take effect, all services linked to the OpenSSL library
(such as httpd and other SSL-enabled services) must be restarted or the
system rebooted.
--

SL6
  x86_64
    openssl-1.0.1e-16.el6_5.7.i686.rpm
    openssl-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm
    openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
    openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm
  i386
    openssl-1.0.1e-16.el6_5.7.i686.rpm
    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm
    openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
    openssl-perl-1.0.1e-16.el6_5.7.i686.rpm
    openssl-static-1.0.1e-16.el6_5.7.i686.rpm

- Scientific Linux Development Team