Thursday, June 5, 2014

OpenSSL CCS Injection Vulnerability

A number of OpenSSL security vulnerabilities were announced on 2014-06-05 that affect most versions of OpenSSL currently in use. The most significant one is CVE-2014-0224, which allows an attacker to intercept communications between two vulnerable OpenSSL implementations (such as a browser and a web server). In most web-related scenarios (i.e., Bitnami), that is not an issue, since consumer browsers do not typically use OpenSSL.

Having said that, this is an important security issue, and we recommend that all Bitnami users upgrade their servers if their Bitnami application was released before 2014-06-05. For that purpose, we have released a patch installer that can be downloaded and run on your systems.

You can find detailed instructions in this wiki post.