I run Fedora 20 and have just got the latest upgrade of SSL. Yesterday it was:
openssl-libs-1.0.1e-37.fc20.1.x86_64
openssl-1.0.1e-37.fc20.1.x86_64
With the last entry in the "libs" change log being Mon Apr 07 2014.
Today:
openssl-libs-1.0.1e-38.fc20.x86_64
openssl-1.0.1e-38.fc20.x86_64
From the "libs" changelog (removed the accents from the name):
* Thu Jun 05 2014 Tomas Mraz 1.0.1e-38
- fix CVE-2010-5298 - possible use of memory after free
- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment
- fix CVE-2014-0198 - possible NULL pointer dereference
- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet
- fix CVE-2014-0224 - SSL/TLS MITM vulnerability
- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH
Not bad a fix, virtually on the same day the vulnerability is announced. Of course in a production environment you should not be using Fedora but if you are using Redhat there is a fix already, however any self respecting System Admin should now be raising change requests to upgrade the relevant packages (you most likely don't even need a reboot although managers normally feel better with one) after checking with their software support. Actually the same procedures should apply for any Linux distribution that is used in a production environment.