====================================================================
Eucalyptus Security Advisory
Advisory ID: ESA-17
Issue Date: 2014-04-09
Last Updated: 2014-04-09
Severity Level: Critical
Affected Versions: EuStore EMI 2714641871 (Fedora 18), EMI 0355237665 (Fedora 20),
1424900416 (OpenSUSE 12.2), 3550541955 (Debian Wheezy)
CVE Number: CVE-2014-0160
====================================================================
OVERVIEW
------------------------
The HeartBleed Bug is a serious vulnerability found in OpenSSL version 1.0.1 before 1.0.1g. This vulnerability affects some of the images that are provided as a part of the Eucalyptus EuStore. We recommend that you immediately replace the affected EMIs with the newest version.
DESCRIPTION
------------------------
The HeartBleed Bug is a very serious issue in OpenSSL cryptographic software library. This bug allows unauthenticated attackers to steal secret information from the process memory of remote servers. Several distributions are affected. For more information, refer to:
We identified that the following EuStore EMIs are potentially affected by the bug:
- 2714641871 fedora x86_64 starter kvm Fedora 18 1.7GB root
- 0355237665 fedora x86_64 starter kvm Fedora 20 2GB root
- 3550541955 debian x86_64 starter kvm Debian 7 1.7GB root
- 1424900416 opensuse x86_64 starter kvm OpenSUSE 12.2 x86_64 - KVM image.
We strongly advise that you immediately update OpenSSL packages on all images/virtual machines installed from the affected EMIs.
WORKAROUND
------------------------
To update to the latest OpenSSL package, run the command that corresponds to your distribution.
On Fedora:
# yum upgrade openssl
On Debian:
# apt-get update
# apt-get install openssl
On OpenSUSE:
# zypper update openssl
SOLUTION
------------------------
Updated EMIs are available in the EuStore:
CONTACT and HELP
------------------------