FREAK: OpenSSL vulnerability (CVE-2015-0204)
Posted by Steve N on 05 March 2015 11:02 PM
In January 2015, Red Hat Product Security addressed the CVE-2015-0204 vulnerability in OpenSSL with this advisory: RHSA-2015-0066. The vulnerability was rated as
OpenSSL clients accepted EXPORT-grade (insecure) keys even when the client had not initially asked for them. This could be exploited using a man-in-the-middle attack,
While the use of EXPORT-grade ciphers is disabled by default in OpenSSL shipped with the latest versions of Red Hat Enterprise Linux (6.6 and 7.0), it can be enabled
The version of OpenSSL shipped with Red Hat Enterprise Linux 5 is also affected. As Red Hat Enterprise Linux 5 is now in the Production 3 phase of the support and
To eliminate the possibility of exploitation, install the updated OpenSSL packages that have been made available through this advisory: RHSA-2015-0066.
To install the updates, use the yum package manager as follows:
To only update the OpenSSL package and its dependencies, use:
yum update openssl
You can check for the FREAK vulnerability using the following link: http://www.nagios.com/freak-vulnerability-tester
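A local check to run alongside the online tester, as an added example that is not part of the original post: it confirms that the installed openssl package's changelog mentions CVE-2015-0204 and reports whether a configured cipher string still enables EXPORT-grade suites. The function names and the sample cipher listing are constructed for illustration; the listing assumes the column format printed by `openssl ciphers -v` in OpenSSL 1.0.1.

```shell
#!/bin/sh
# Added example, not from the original post. All function names are hypothetical.

# Constructed sample in the `openssl ciphers -v` column format (OpenSSL 1.0.1).
SAMPLE_CIPHERS='AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1'

# Read `openssl ciphers -v` lines on stdin and print the names of EXPORT-grade
# suites: those with an EXP- name prefix or a trailing "export" marker.
export_suites() {
    awk '$1 ~ /^EXP-/ || $NF == "export" { print $1 }'
}

# Return 0 if the cipher string (for example the value a service is configured
# with) expands to at least one EXPORT suite on this host, 1 if it expands to
# none, 2 if the openssl command is not installed.
cipher_string_allows_export() {
    command -v openssl >/dev/null 2>&1 || return 2
    # A selection that matches nothing makes openssl print an error; that
    # leaves $found empty, which is reported as "none".
    found=$(openssl ciphers -v "$1" 2>/dev/null | export_suites)
    [ -n "$found" ]
}

# Return 0 if the installed openssl RPM's changelog mentions the CVE,
# 1 if it does not, 2 if rpm is not available on this host.
package_has_fix() {
    command -v rpm >/dev/null 2>&1 || return 2
    rpm -q --changelog openssl 2>/dev/null | grep -q 'CVE-2015-0204'
}

# Typical use after `yum update openssl`:
#   package_has_fix && echo "changelog lists CVE-2015-0204"
#   cipher_string_allows_export 'ALL:!EXPORT' || echo "no EXPORT suites enabled"
```

Services that were already running keep the old library loaded, so restart them after the update before re-testing.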
If you find your server still has this vulnerability, please feel free to contact our support ASAP.