Help us understand the problem. What is going on with this article?

EC2インスタンスのOpenSSLのHeartbleed Bug対応

More than 5 years have passed since last update.

あんまりよくないバグみたいなので、サクッと対応しておきましょう。

The Heartbleed Bug
CVE-2014-0160
http://heartbleed.com/

既存のEC2インスタンスはどうすればいいの?

AWSは本当に対応早いです。
Amazon Linuxならyumで対応できます。

sudo yum clean all
sudo yum update openssl

した後、依存しているサービスをリスタートしてOKです。

opensslのバージョンが1.0.1eになったままになっているけど、パッチは当たっているから大丈夫だよって書いてあります。
Versionのところがopenssl-1.0.1e-37.66.amzn1以上かだけチェックはした方が良さそうです。

The updated package is openssl-1.0.1e-37.66.amzn1

Please note that even though this package is still named openssl-1.0.1e, it does contain the patches that were made available upstream for CVE-2014-0160.

それでもうまくいかない場合は/etc/yum.confを編集する必要があるそうです。
http://qiita.com/tachiba/items/83e5fd31d06e6577abb3#comment-cc6c93ef2cbed5be5d51

Did you try "yum clean all" first?
Are you sure that your "releasever" in /etc/yum.conf is set to "latest"?

あたらしく立てるインスタンスは?

自動でインストールされているらしいです。

Because this update has been marked as a "Critical", new launches of the Amazon Linux AMI will install it by default, as discussed in https://aws.amazon.com/amazon-linux-ami/faqs/#auto_update

ELB使ってるんだけど...

ELBでSSL terminationを使用している場合の脆弱性が認められたとのことです。

ですが、修正されたようです。
SSL terminationを利用されていた方は証明書の更新を推奨されています。

日本語のページができていました。

AWSからOpenSSLの脆弱性について AWS のサービスアップデート

Update an SSL Certificate for a Load Balancer

HeartBleed Bug Concern

こちらはフォーラムのスレッドです。

Is AWS Elastic Load Balancing affected by the HeartBleed bug

Heartbleed Load Balancer Vulnerability CVE-2014-0160

We can confirm that load balancers using Elastic Load Balancing SSL termination are vulnerable to the Heartbleed Bug (CVE-2014-0160) reported earlier today. We are currently working to mitigate the impact of this issue and will provide further updates.

--

cf.)

existential type crisis : Diagnosis of the OpenSSL Heartbleed Bug

Why do not you register as a user and use Qiita more conveniently?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
Comments
Sign up for free and join this conversation.
If you already have a Qiita account
Why do not you register as a user and use Qiita more conveniently?
You need to log in to use this function. Qiita can be used more conveniently after logging in.
You seem to be reading articles frequently this month. Qiita can be used more conveniently after logging in.
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away