Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is AWS, specifically the load balancer service affected by SSL "Heart Bleed" exploit? [closed]

I can't find information on what versions they're using. I'd expect AWS to make a statement about this, because it's a pretty big deal, but again, can't find anything.

To answer my own question, YES it is vulnerable. Use this site to test:

http://filippo.io/Heartbleed/

like image 324
Abram Avatar asked Apr 08 '14 19:04

Abram


1 Answers

Your question sounds very similar to this thread on AWS Forums:

https://forums.aws.amazon.com/thread.jspa?messageID=535235&tstart=0

If you have not checked that before, in short; Yes AWS ELBs are affected by heartbleed and Amazon released this statement mentioning they are working on it:

http://aws.amazon.com/security/security-bulletins/heartbleed-bug-concern/

They have not provided a timeline yet.

For Amazon Linux images, patch is available through yum repositories. (Updated package: openssl-1.0.1e-37.66.amzn1)

like image 120
user3512472 Avatar answered Nov 02 '22 16:11

user3512472