HP Helion Eucalyptus Security Advisory
Advisory ID: 
ESA-17
Severity Level: 
Critical
Issue Date: 
2014-04-09
Last Updated: 
2014-04-10
Affected Products: 
EuStore EMI 2714641871 (Fedora 18), EMI 0355237665 (Fedora 20), 1424900416 (OpenSUSE 12.2), 3550541955 (Debian Wheezy)

Overview

The HeartBleed Bug is a very serious vulnerability found in OpenSSL 1.0.1 before 1.0.1g. This vulnerability affects some of the images that are provided as a part of the HP Helion Eucalyptus EuStore. We recommend that you immediately replace the affected EMIs with the newest versions.

Description

The HeartBleed Bug is a very serious issue in OpenSSL cryptographic software library. This bug allows unauthenticated attackers to steal secret information from the process memory of remote servers. Several distributions are affected. For more information, refer to:

http://heartbleed.com/

We identified that the following EuStore EMIs are potentially affected by the bug:

2714641871 fedora x86_64 starter kvm Fedora 18 1.7GB root
0355237665 fedora x86_64 starter kvm Fedora 20 2GB root
3550541955 debian x86_64 starter kvm Debian 7 1.7GB root
1424900416 opensuse x86_64 starter kvm OpenSUSE 12.2 x86_64 - KVM image

We strongly advise to immediately update OpenSSL packages on all images/virtual machines installed from the affected EMIs.

Workaround

To update to the latest OpenSSL package, run the command that corresponds to your distribution.

On Fedora:

# yum upgrade openssl

On Debian:

# apt-get update
# apt-get install openssl

On OpenSUSE:

# zypper update openssl

Solution

Updated EMIs are available in the EuStore:
http://emis.eucalyptus.com

Contact and help

Contact the HP Helion Eucalyptus security team at euca-security@hp.com.