Page tree
Skip to end of metadata
Go to start of metadata

Update OpenSSL Packages to Address HeartBleed Bug


 

Description

Update OpenSSL Packages to Address HeartBleed Bug

Severity LevelINFORMATIONAL
Issue Date2014-04-10
Last Updated2014-04-10
Affected ProductsCentos 6.5, RHEL 6
CVE NumberCVE-2014-0160

 

 

Overview

The HeartBleed Bug is a very serious vulnerability found in OpenSSL. All HP Helion Eucalyptus installs on Centos 6.5 or RHEL 6 need to be updated to the latest openssl packages:

Description

The HeartBleed Bug is a very serious issue in OpenSSL the cryptographic software library. This bug allows unauthenticated attackers to steal secret information from the process memory of remote servers.

The OpenSSL library provided by a host OS is a dependency for the HP Helion Eucalyptus and both its User Console and Faststart products. To ensure that HP Helion Eucalyptus is not affected by the HeartBleed Bug, all installs running on Centos 6.5 or RHEL 6 need to be updated to the latest openssl packages.

Solution

Upgrade to the latest OpenSSL package provided by your distribution:

Contact and help

Contact the HP Helion Eucalyptus security team at euca-security@hp.com.