New OpenSSL vulnerabilities: CloudFlare systems patched

On June 5, 2014, the OpenSSL team announced seven vulnerabilities affecting all versions of OpenSSL (0.9.8, 1.0.0, 1.0.1, and 1.0.2). The most severe issue is a potential on-path attack known as CCS Injection (CVE-2014-0224), with more technical details provided by Google's Adam Langley and the original problem reporter. CloudFlare has patched its servers, protecting customers from these vulnerabilities. Users of OpenSSL are advised to upgrade their software or server as soon as possible, as new versions have been released by the OpenSSL team.