It looks like Redhat/CentOS won't fix the recent OpenSSL vulnerabilities?
https://access.redhat.com/solutions/2298211
I believe these issues are critical security incidents, which should be taken care by RH in the "Production 3 phase of the support and maintenance life cycle." I really hope they do something for RHEL5