Read about it more in detail here on Redhat’s site. This vulnerability affects all applications using certain versions of OpenSSL, so this is a cross-platform issue.
This isn’t nearly as atrocious as Heartbleed was as there isn’t a chance of leaking your private keys. However, if you use Qualsys labs excellent SSL web scanner to check your site’s security, this will immediately degrade your web application to an “F”.
Scrutiny of SSL has been ramped up significantly in the wake of Heartbleed, so if your application deals with any kind of regulated data I suggest you patch your servers immediately.
For Ubuntu users, this means it is time to do an OS upgrade to 14.04 LTS if you aren’t running a previous LTS version that is still receiving security updates…
do-release-upgrade your way to a safer tomorrow…
I have tagged this post with “heartbleed” as folks researching that issue need to pay attention to this one as well. The fix is the same; patch OpenSSL!
Regards!
References:
https://access.redhat.com/site/articles/904433
https://www.ssllabs.com/ssltest/analyze.html
CCS Injection Tools in Website
http://www.cyberbannews.com/s1/ssl.php
Thankful