ESA-17: The HeartBleed Bug Affects EuStore EMIs

Eucalyptus Security Team

Apr 9, 2014, 11:27:55 PM
to security...@eucalyptus.com
====================================================================
Eucalyptus Security Advisory

Advisory ID:        ESA-17
Issue Date:         2014-04-09
Last Updated:       2014-04-09
Severity Level:     Critical
Affected Versions:  EuStore EMI 2714641871 (Fedora 18), EMI 0355237665 (Fedora 20),
                    1424900416 (OpenSUSE 12.2), 3550541955 (Debian Wheezy)
CVE Number:         CVE-2014-0160
====================================================================

OVERVIEW
------------------------
The HeartBleed Bug is a serious vulnerability found in OpenSSL version 1.0.1 before 1.0.1g.  This vulnerability affects some of the images that are provided as a part of the Eucalyptus EuStore. We recommend that you immediately replace the affected EMIs with the newest version.


DESCRIPTION
------------------------
The HeartBleed Bug is a very serious issue in the OpenSSL cryptographic software library. This bug allows unauthenticated attackers to steal secret information from the process memory of remote servers. Several distributions are affected. For more information, refer to:


We identified that the following EuStore EMIs are potentially affected by the bug:

- 2714641871  fedora    x86_64  starter  kvm  Fedora 18 1.7GB root
- 0355237665  fedora    x86_64  starter  kvm  Fedora 20 2GB root
- 3550541955  debian    x86_64  starter  kvm  Debian 7 1.7GB root
- 1424900416  opensuse  x86_64  starter  kvm  OpenSUSE 12.2 x86_64 - KVM image.

We strongly advise that you immediately update OpenSSL packages on all images/virtual machines installed from the affected EMIs.


WORKAROUND
------------------------
To update to the latest OpenSSL package, run the command that corresponds to your distribution.

On Fedora:
# yum upgrade openssl

On Debian:
# apt-get update
# apt-get install openssl

On OpenSUSE:
# zypper update openssl
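
A follow-up check for the upgrade commands above, added here as an example and not part of the Eucalyptus advisory: a process that was already running keeps the old OpenSSL library mapped until it is restarted, so this script lists libssl/libcrypto files that are still mapped but deleted on disk. The function names and the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still run the
# pre-upgrade OpenSSL code because they have not been restarted.

# stale_openssl_maps: read /proc/<pid>/maps-format text on stdin and print each
# distinct libssl/libcrypto path that the kernel marks "(deleted)".
stale_openssl_maps() {
    awk '$NF == "(deleted)" && $(NF-1) ~ "/lib(ssl|crypto)[^/]*[.]so" { print $(NF-1) }' |
        sort -u
}

# scan_processes: print "pid command libraries" for every process that still
# maps a deleted OpenSSL library. Run as root to see all processes.
scan_processes() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # A process may exit between the glob and the read; skip it quietly.
        libs=$(stale_openssl_maps < "$maps" 2>/dev/null) || continue
        [ -n "$libs" ] || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        # $libs is left unquoted on purpose to join the paths on one line.
        printf '%s %s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)" "$(echo $libs)"
    done
}

# Constructed sample of /proc/<pid>/maps content (not captured from a real host).
SAMPLE_MAPS='7f3a1c000000-7f3a1c05e000 r-xp 00000000 fd:01 131234 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3a1c25e000-7f3a1c262000 r--p 0005e000 fd:01 131234 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3a1b000000-7f3a1b1c0000 r-xp 00000000 fd:01 131200 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f3a1a000000-7f3a1a1b6000 r-xp 00000000 fd:01 130001 /usr/lib64/libc-2.16.so'

# "--scan" checks the live system; without it the script only defines functions.
if [ "${1:-}" = "--scan" ]; then
    scan_processes
fi
```

Run it as root with `--scan` on each instance after the upgrade; restart any service it lists, or reboot, so the process loads the upgraded library.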

SOLUTION
------------------------
Updated EMIs are available in the EuStore:


CONTACT and HELP
------------------------
Contact the Eucalyptus Security Team at secu...@eucalyptus.com.
