The CCS injection vulnerability affecting all versions of OpenSSL allows for a man-in-the-middle attack against SSL/TLS connections. All Eucalyptus installs on Centos 6.5 or RHEL 6 need to be updated to the latest openssl packages:
This vulnerability allows for a man-in-the-middle attack against SSL/TLS connections in which data exchanged over the encrypted channel can be decrypted by an unauthorized party. The vulnerability can only be exploited if both server *and* client are vulnerable to the issue:
The OpenSSL library provided by a host OS is a dependency for the Eucalyptus and User Console products. To ensure that Eucalyptus cloud is not affected by the issue, all installs running on affected distributions need to be updated to the latest openssl packages.
SOLUTION
-------------
Upgrade to the latest OpenSSL package provided by your distribution: