1. Floren
    National Vulnerability Database issued CVE-2014-0224: A CCS Injection vulnerability could allow for a man-in-the-middle attack against an encrypted connection, making it possible for an attacker to intercept an encrypted data stream and allowing them to decrypt, view and then manipulate this data.

    Masashi Kikuchi explains in his blog entry how he discovered the bug, which existed since the very first release of OpenSSL.

    To ensure they are not vulnerable to this issue, users running any previous version of OpenSSL should update to the most recent version. We updated the AXIVO repository to latest OpenSSL 1.0.1h release.