ESA-18: Update OpenSSL Packages to Address HeartBleed Bug
====================================================================
Eucalyptus Security Advisory
Advisory ID: ESA-18
Issue Date: 2014-04-10
Last Updated: 2014-04-10
Severity Level: Informational
Affected Versions: CentOS 6.5, RHEL 6
CVE Number: CVE-2014-0160
====================================================================
OVERVIEW
------------
The HeartBleed Bug is a serious vulnerability found in OpenSSL. All Eucalyptus installs on CentOS 6.5 or RHEL 6 need to be updated to the latest openssl packages:
- https://rhn.redhat.com/errata/RHSA-2014-0376.html
- http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html
DESCRIPTION
-------------
The HeartBleed Bug is a very serious issue in OpenSSL, the cryptographic software library. This bug allows unauthenticated attackers to steal secret information from the process memory of remote servers.
The OpenSSL library provided by the host OS is a dependency of Eucalyptus and of both its User Console and Faststart products. To ensure that Eucalyptus is not affected by the HeartBleed Bug, all installs running on CentOS 6.5 or RHEL 6 need to be updated to the latest openssl packages.
SOLUTION
-------------
Upgrade to the latest OpenSSL package provided by your distribution:
- https://rhn.redhat.com/errata/RHSA-2014-0376.html
- http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html
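A post-update check for the upgrade described above, as an added example that is not part of the Eucalyptus advisory: it confirms that the installed openssl package's changelog names CVE-2014-0160 and lists processes that still map the replaced library and therefore keep running the old code until restarted. It assumes the vendor's fixed build mentions the CVE in its RPM changelog; the script name and the `--run` flag are hypothetical.

```bash
#!/bin/sh
# Added example (not from the advisory): post-update checks for CVE-2014-0160
# on a CentOS 6.5 / RHEL 6 host. Update first with: yum update openssl
CVE="CVE-2014-0160"

# Reads an RPM changelog on stdin; succeeds if it mentions the CVE.
# Assumption: the vendor's fixed build names the CVE in its changelog.
changelog_has_fix() {
    grep -q -- "$CVE"
}

# Prints the PID of every process whose memory map still references a
# libssl/libcrypto file that was replaced on disk ("(deleted)" in maps).
# Such a process keeps running the old code until it is restarted.
# $1 is the proc root (default /proc); the parameter exists for testing.
stale_pids() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            echo "${dir##*/}"
        fi
    done
}

check_host() {
    rc=0
    if rpm -q --changelog openssl | changelog_has_fix; then
        echo "openssl changelog lists the $CVE fix"
    else
        echo "openssl changelog does not list $CVE: update the package" >&2
        rc=1
    fi
    pids=$(stale_pids)
    if [ -n "$pids" ]; then
        echo "Restart these PIDs, they still map the replaced library:" >&2
        echo "$pids" >&2
        rc=1
    fi
    return $rc
}

# Run the checks only when asked, e.g.: sh check_heartbleed.sh --run
if [ "${1:-}" = "--run" ]; then
    check_host
    exit $?
fi
```

Run it as root so that the memory maps of all processes are readable.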
CONTACT and HELP
-------------
Contact the Eucalyptus Security Team at secu...@eucalyptus.com.