I can't find information on what versions they're using. I'd expect AWS to make a statement about this, because it's a pretty big deal, but again, can't find anything.
To answer my own question, YES it is vulnerable. Use this site to test:
Is AWS, specifically the load balancer service affected by SSL "Heart Bleed" exploit? [closed]
Asked Answered
This question appears to be off-topic because it is about software versions, administration and patching. Server Fault has quite a few questions on the topic: serverfault.com/questions/tagged/heartbleed. –
Gimel
Your question sounds very similar to this thread on AWS Forums:
https://forums.aws.amazon.com/thread.jspa?messageID=535235&tstart=0
If you have not checked that before, in short; Yes AWS ELBs are affected by heartbleed and Amazon released this statement mentioning they are working on it:
http://aws.amazon.com/security/security-bulletins/heartbleed-bug-concern/
They have not provided a timeline yet.
For Amazon Linux images, patch is available through yum repositories. (Updated package: openssl-1.0.1e-37.66.amzn1)
openssl-1.0.1e-37.66.amzn1 - 1.0.1e is downlevel. 1.0.1g remediates the issue. Are they backpatching so that its impossible to track versions? –
Gimel @Gimel I believe they do not maintain 1.0.1g as a separate branch. 1.0.1e-37.66 backports fix for heartbleed. –
Burtburta
you can check their status here: aws.amazon.com/security/security-bulletins/… –
Xeric
© 2022 - 2024 — McMap. All rights reserved.