Environment
Red Hat 6
Situation
The openssl versions openssl-1.0.1e-15 through openssl-1.0.1e-16.el6_5.4 had a significant bug called "heartbleed" CVE-2014-0160. The bug allows anyone with access to the server through the internet to read parts of memory. It was limited to 64kb at a time but can be repeated multiple times to gain confidential information even over a secure network since the bug is local to the server. Security keys, passwords, usernames, emails, and other confidential information could be leaked. While a hacker cannot request specific information it gets whatever is passing through RAM at that moment.
Resolution
The openssl-1.0.1e-16.el6_5.7 patch was released and needs to be applied. Patch using the normal Red Hat methods through the Subscription Management Tool (TID 7004324) or SuSE Manager (documentation).