To address CVE-2014-0160 OpenSSL Heartbleed Vulnerability

On the 7th of April, a critical vulnerability of OpenSSL has been found.

You can find more information about it below.

To address this vulnerability, please follow the steps below:

  1. If your OpenSSL version is 1.0.1 〜 1.0.1f, update to the fixed version ( 1.0.1g or later)
    # You can find the version of openssl to openssl version run .
  2. After updating OpenSSL, reboot the services using the library or server itself.
  3. Rotate any secrets or keys (e.g. your SSL certificates) that were used by the affected OpenSSL process.
    # Because you can’t find if the secret keys are leaked or not.

For OS’s which AMIMOTO AMI using, Amazon Linux, RedHat Linux Enterprise, CentOS, the fixed packages are distributed by yum.

These have been renamed instead of changing the version number, look at the package number by 、yum info opensslrpm -q openssl  and if the number is not the right one, update it and reboot the server.

How to find the package number.

$ yum info openssl
Installed Packages
Name        : openssl
Arch        : x86_64
Epoch       : 1
Version     : 1.0.1e
Release     : 37.66.amzn1
Size        : 4.0 M
Repo        : installed
From repo   : amzn-updates
Summary     : Utilities from the general purpose cryptography library with
            : TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure
            : communications between machines. OpenSSL includes a
            : certificate management tool and shared libraries which
            : provide various cryptographic algorithms and protocols.
$ rpm -q openssl
openssl-1.0.1e-37.66.amzn1.x86_64

For Amazon Linux, it is fixed if the number is  37.66.amzn1 . Other distributions fixed numbers are as follows:

  • Amazon Linux openssl-1.0.1e-37.66.amzn1.x86_64
  • RHEL 6.5 openssl-1.0.1e-16.el6_5.7.x86_64
  • CentOS 6.5 openssl-1.0.1e-16.el6_5.7.x86_64

To update OpenSSL of AMIMOTO AMI, please follow the steps below:

$ sudo yum update -y openssl
 :
 ...
 :
update:
  audit.x86_64 0:2.3.2-3.19.amzn1  openssl.x86_64 1:1.0.1e-37.66.amzn1                                                  

Updated:
  audit-libs.x86_64 0:2.3.2-3.19.amzn1  glibc.x86_64 0:2.17-36.81.amzn1  glibc-common.x86_64 0:2.17-36.81.amzn1                    

Complete!

For AMIMOTO managed hosting, this issue is already fixed.

So the users may set your mind at ease.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk