TLS Man in the Middle (MITM) attacks based on renegotiation - patches available for RHEL3,4,5

https://bugzilla.redhat.com/show_bug.cgi?id=533125

A recent paper on TLS renegotiation showed a method for injecting
information into the encrypted stream. This could lead to successful
Man in the Middle (MITM) attacks in an already encrypted stream.

The current mitigation patch that is officially supported by RedHat is
to totally disable encryption re-negotiation. This workaround has been
patched in OpenSSL 0.9.8l.

This means that most packages using OpenSSL will need to be patched and
rolled out. This also includes almost any webserver utilizing SSL,
including those on embedded systems.

Red Hat has released updates for httpd and mod_ssl that include these
patches. It is recommended that all web servers utilizing SSL be
updated as soon as possible to avoid this potential attack. More
information can be referenced below.

Please let me know which of your servers need to be updated and their
status as you go through the process.

http://extendedsubset.com/?p=8
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://www.kb.cert.org/vuls/id/120541
http://www.openssl.org/news/secadv_20091111.txt

Thanks,
Brian