An updated rhel-guest-image package that includes OpenSSL packages, whichare not vulnerable to CVE-2014-0224 and CVE-2014-0195, is now available forRed Hat Enterprise Linux 6.
The rhel-quest-image package provides a Red Hat Enterprise Linux 6.5 KVMGuest Image for cloud instances. This image is provided as a minimallyconfigured system image that is available for use as-is, or forconfiguration and customization as required by end users.Red Hat has released updated OpenSSL packages to address the CVE-2014-0224and CVE-2014-0195 issues. These updated packages are available for existingsystems built with the rhel-guest-image package via “yum update openssl”.In addition, to ensure minimized exposure to these vulnerabilities and toreduce the risk of deploying new systems with the vulnerable OpenSSLpackages, Red Hat is releasing this updated rhel-guest-image package, whichincludes OpenSSL packages that are not vulnerable to the aforementionedissues. (BZ#1106849)Users of rhel-guest-image are advised to upgrade to this updated package,which includes the updated OpenSSL packages.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.This update is available via the Red Hat Network. Details on how touse the Red Hat Network to apply this update are available athttps://access.redhat.com/site/articles/11258
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from: