SUMMARY
CVE-2014-0160: OpenSSL Heartbleed Vulnerability resolution
CVE ID
CVE-2014-0160
DESCRIPTION
An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server.
RESOLUTION
If CentOS6, apply Unitrends security updates.
CentOS5: not affected
CentOS6: The default CentOS6.5 openssl-1.0.1e-15.el6 is affected.
Fixed in openssl-1.0.1e-16.el6_5.7 or later. Unitrends security updates include openssl-1.0.1e-42.el6.