On the 7th of April, a critical vulnerability was found in OpenSSL.
You can find more information about it below.
- Heartbleed Bug
- Massive Security Bug In OpenSSL Could Affect A Huge Chunk Of The Internet | TechCrunch
To address this vulnerability, please follow the steps below:
- If your OpenSSL version is 1.0.1 through 1.0.1f, update to the fixed version (1.0.1g or later).
# You can find the OpenSSL version by running: openssl version
- After updating OpenSSL, restart the services that use the library, or reboot the server itself.
- Rotate any secrets or keys (e.g. your SSL certificates) that were used by the affected OpenSSL process.
# This is because there is no way to tell whether the secret keys were leaked.
For the operating systems used by the AMIMOTO AMI (Amazon Linux, Red Hat Enterprise Linux, CentOS), the fixed packages are distributed via yum.
In these packages the fix changes the package number rather than the OpenSSL version number, so check the package number with yum info openssl or rpm -q openssl. If the number is not the fixed one, update the package and reboot the server.
How to find the package number:
$ yum info openssl
Installed Packages
Name        : openssl
Arch        : x86_64
Epoch       : 1
Version     : 1.0.1e
Release     : 37.66.amzn1
Size        : 4.0 M
Repo        : installed
From repo   : amzn-updates
Summary     : Utilities from the general purpose cryptography library with
            : TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure
            : communications between machines. OpenSSL includes a
            : certificate management tool and shared libraries which
            : provide various cryptographic algorithms and protocols.

$ rpm -q openssl
openssl-1.0.1e-37.66.amzn1.x86_64
For Amazon Linux, the package is fixed if the release number is 37.66.amzn1. The fixed package numbers for each distribution are as follows:
- Amazon Linux openssl-1.0.1e-37.66.amzn1.x86_64
- RHEL 6.5 openssl-1.0.1e-16.el6_5.7.x86_64
- CentOS 6.5 openssl-1.0.1e-16.el6_5.7.x86_64
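Because the fixed builds still report version 1.0.1e, the check has to compare the package release. The following added example (not part of the original post) classifies an rpm -q openssl string against the fixed builds listed above; the function name heartbleed_pkg_status, its result words and the non-listed sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an "rpm -q openssl" string against the fixed
# builds listed above. Function name and result words are this example's own.

# Prints "fixed", "vulnerable" or "unknown" for a name-version-release.arch string.
heartbleed_pkg_status() {
    nvr=${1%.*}            # drop the architecture suffix (.x86_64)
    release=${nvr##*-}     # e.g. 37.66.amzn1
    rest=${nvr%-*}
    version=${rest##*-}    # e.g. 1.0.1e

    # The fixed builds listed on this page are all 1.0.1e; anything else
    # has to be judged against the upstream range (1.0.1 through 1.0.1f).
    [ "$version" = "1.0.1e" ] || { echo unknown; return 0; }

    case $release in
        *.amzn1*) fixed=37.66.amzn1 ;;   # Amazon Linux
        *.el6*)   fixed=16.el6_5.7 ;;    # RHEL 6.5 / CentOS 6.5
        *)        echo unknown; return 0 ;;
    esac

    # Version-sort the two releases; if the fixed release sorts first (or
    # they are equal) the installed build is at or past the fix. sort -V
    # (GNU coreutils) approximates rpm's own release comparison here.
    lowest=$(printf '%s\n%s\n' "$release" "$fixed" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then echo fixed; else echo vulnerable; fi
}

# Constructed sample inputs; on a real host pass "$(rpm -q openssl)" instead.
for pkg in \
    openssl-1.0.1e-37.66.amzn1.x86_64 \
    openssl-1.0.1e-16.el6_5.4.x86_64 \
    openssl-1.0.1e-16.el6_5.14.x86_64
do
    printf '%s -> %s\n' "$pkg" "$(heartbleed_pkg_status "$pkg")"
done
```

A result of "unknown" means the package is not one of the builds listed here and must be checked against the distribution's own advisory.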
To update OpenSSL on the AMIMOTO AMI, please follow the steps below:
$ sudo yum update -y openssl
:
...
:
update:
audit.x86_64 0:2.3.2-3.19.amzn1 openssl.x86_64 1:1.0.1e-37.66.amzn1
Updated:
audit-libs.x86_64 0:2.3.2-3.19.amzn1 glibc.x86_64 0:2.17-36.81.amzn1 glibc-common.x86_64 0:2.17-36.81.amzn1
Complete!
For AMIMOTO managed hosting, this issue is already fixed, so users of that service can set their minds at ease.