We are aware and reviewing all Globus services and Globus Toolkit components to determine the impact of the OpenSSL vulnerability described in CVE-2014-0224 (CCS Injection Vulnerability). We have created a page where details about this issue will be communicated.
https://support.globus.org/entries/71973746 Our initial assessment is that the nature of this CVE requires several unusual preconditions to be met and therefore the relative impact of this particular OpenSSL issue is low. However, as a precaution, we recommend that any host with Globus services (e.g. Globus Connect Server, GridFTP, MyProxy, GSI-OpenSSH, GRAM) running OpenSSL version 1.0.1 or earlier to update ASAP. Additional details about possible impacts to specific Globus services will follow. -Stu
