An updated rhel-guest-image package that includes OpenSSL packages that arenot vulnerable to the CVE-2014-0160 issue is now available for Red HatEnterprise Linux 6.
The rhel-quest-image package provides a Red Hat Enterprise Linux 6.5 KVMGuest Image for cloud instances. This image is provided as a minimallyconfigured system image that is available for use as-is, or forconfiguration and customization as required by end users.Red Hat has released updated OpenSSL packages to address the “Heartbleed”issue (CVE-2014-0160). These updated packages are available for existingsystems built with the rhel-guest-image package via “yum update openssl”.In addition, to ensure minimized exposure to this vulnerability and toreduce the risk of deploying new systems with the vulnerable OpenSSLpackages, Red Hat is releasing this updated rhel-guest-image package, whichincludes OpenSSL packages that are not vulnerable to the CVE-2014-0160issue. (BZ#1086842)Users of rhel-guest-image are advised to upgrade to this updated package,which includes the updated OpenSSL packages.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.This update is available via the Red Hat Network. Details on how to use theRed Hat Network to apply this update are available athttps://access.redhat.com/site/articles/11258
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from: