HP Helion Eucalyptus Security Advisory
Advisory ID: 
ESA-18
Severity Level: 
Informational
Issue Date: 
2014-04-10
Last Updated: 
2014-04-10
Affected Products: 
Centos 6.5, RHEL 6

Overview

The HeartBleed Bug is a very serious vulnerability found in OpenSSL. All HP Helion Eucalyptus installs on Centos 6.5 or RHEL 6 need to be updated to the latest openssl packages:

Description

The HeartBleed Bug is a very serious issue in OpenSSL the cryptographic software library. This bug allows unauthenticated attackers to steal secret information from the process memory of remote servers.

The OpenSSL library provided by a host OS is a dependency for the HP Helion Eucalyptus and both its User Console and Faststart products. To ensure that HP Helion Eucalyptus is not affected by the HeartBleed Bug, all installs running on Centos 6.5 or RHEL 6 need to be updated to the latest openssl packages.

Solution

Upgrade to the latest OpenSSL package provided by your distribution:

Contact and help

Contact the HP Helion Eucalyptus security team at euca-security@hp.com.