The HeartBleed Bug is a very serious vulnerability found in OpenSSL 1.0.1 before 1.0.1g. This vulnerability affects some of the images that are provided as a part of the Eucalyptus EuStore. We recommend that you immediately replace the affected EMIs with the newest versions.
The HeartBleed Bug is a very serious issue in OpenSSL cryptographic software library. This bug allows unauthenticated attackers to steal secret information from the process memory of remote servers. Several distributions are affected. For more information, refer to:
We identified that the following EuStore EMIs are potentially affected by the bug:
|2714641871||fedora||x86_64||starter kvm||Fedora 18 1.7GB root|
|0355237665||fedora||x86_64||starter kvm||Fedora 20 2GB root|
|3550541955||debian||x86_64||starter kvm||Debian 7 1.7GB root|
|1424900416||opensuse||x86_64||starter kvm||OpenSUSE 12.2 x86_64 - KVM image|
We strongly advise to immediately update OpenSSL packages on all images/virtual machines installed from the affected EMIs.
To update to the latest OpenSSL package, run the command that corresponds to your distribution.
# yum upgrade openssl
# apt-get update # apt-get install openssl
# zypper update openssl
Updated EMIs are available in the EuStore:
Contact and Help
Contact the Eucalyptus Security Team at firstname.lastname@example.org.