Heartbleed security advisory - Eucalyptus response

Follow

You may have heard of the recently announced openssl security vulnerability nicknamed “Heartbleed (CVE-2014-0160).” You can read more about it directly from OpenSSL’s site here:

 https://www.openssl.org/news/secadv_20140407.txt

 or

 heartbleed.com

Eucalyptus has issued our security advisory as well here: https://www.eucalyptus.com/resources/security/advisories/esa-17

Some of the images in our EuStore collection contained versions of openssl carrying the vulnerability. They have since been patched and replaced in EuStore.

However, you must take action in order to update your own images and currently running instances, should you be using one of those found to be vulnerable. To test your image, you may test servers using the following:

 http://filippo.io/Heartbleed/

Please ensure you have updated any Eucalyptus installs on EL6.5 to the

latest openssl package:

https://rhn.redhat.com/errata/RHSA-2014-0376.html

http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html

Have more questions? Submit a request

Comments

Powered by Zendesk