ESA-21: EuStore EMIs are affected by OpenSSL Vulnerabilities
2 views
Skip to first unread message
Eucalyptus Security Team
Jun 6, 2014, 10:13:35 PM6/6/14
to security...@eucalyptus.com
ESA-21: EuStore EMIs are affected by OpenSSL Vulnerabilities
====================================================================
Eucalyptus Security Advisory
Advisory ID: ESA-21
Issue Date: 2014-06-06
Last Updated: 2014-06-06
Severity Level: Important
Affected Versions: EuStore EMIs
CVE Number: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470
====================================================================
OVERVIEW
------------
A number of security issues have been reported in OpenSSL library, affecting multiple Linux distributions. All Eucalyptus starter EMIs available at http://emis.eucalyptus.com/ that have OpenSSL installed are potentially affected. We recommend updating all affected EMIs and instances launched from them to the latest OpenSSL packages available from the corresponding distributions as soon as possible.
DESCRIPTION
-------------
Description of the security issues is available on the OpenSSL website:
https://www.openssl.org/news/secadv_20140605.txt
All Eucalyptus starter EMIs available at http://emis.eucalyptus.com/ that have OpenSSL installed are potentially
affected by these vulnerabilities. Updates fixing the issues are available from various Linux distributions:
http://lists.centos.org/pipermail/centos-announce/2014-June/020344.html
https://security-tracker.debian.org/tracker/CVE-2014-0224
https://lists.fedoraproject.org/pipermail/announce/2014-June/003216.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00003.html
WORKAROUND
-------------
We are working on updating EMIs at http://emis.eucalyptus.com. Meanwhile, all instances launched from affected EMIs can be updated at runtime.
On Centos:
# yum update openssl
On Fedora:
# yum upgrade openssl
On Debian:
# apt-get update
# apt-get install openssl
On OpenSUSE:
# zypper update openssl
CONTACT and HELP
-------------
Contact the Eucalyptus Security Team at secu...@eucalyptus.com.
====================================================================
Eucalyptus Security Advisory
Advisory ID: ESA-21
Issue Date: 2014-06-06
Last Updated: 2014-06-06
Severity Level: Important
Affected Versions: EuStore EMIs
CVE Number: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470
====================================================================
OVERVIEW
------------
A number of security issues have been reported in OpenSSL library, affecting multiple Linux distributions. All Eucalyptus starter EMIs available at http://emis.eucalyptus.com/ that have OpenSSL installed are potentially affected. We recommend updating all affected EMIs and instances launched from them to the latest OpenSSL packages available from the corresponding distributions as soon as possible.
DESCRIPTION
-------------
Description of the security issues is available on the OpenSSL website:
https://www.openssl.org/news/secadv_20140605.txt
All Eucalyptus starter EMIs available at http://emis.eucalyptus.com/ that have OpenSSL installed are potentially
affected by these vulnerabilities. Updates fixing the issues are available from various Linux distributions:
http://lists.centos.org/pipermail/centos-announce/2014-June/020344.html
https://security-tracker.debian.org/tracker/CVE-2014-0224
https://lists.fedoraproject.org/pipermail/announce/2014-June/003216.html
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00003.html
WORKAROUND
-------------
We are working on updating EMIs at http://emis.eucalyptus.com. Meanwhile, all instances launched from affected EMIs can be updated at runtime.
On Centos:
# yum update openssl
On Fedora:
# yum upgrade openssl
On Debian:
# apt-get update
# apt-get install openssl
On OpenSUSE:
# zypper update openssl
CONTACT and HELP
-------------
Contact the Eucalyptus Security Team at secu...@eucalyptus.com.
Reply all
Reply to author
Forward
0 new messages