[tor-relays] any action required for AWS cloud relays?

Jason Odoom jasonodoom at gmail.com
Wed Apr 9 18:20:15 UTC 2014 

Hi Lee,

 You should have received an email from AWS. Yes you definitely need to
take action. Here it is in case you missed it:

Dear Amazon EC2 Customer,

The OpenSSL project has recently announced a security vulnerability in
OpenSSL affecting versions 1.0.1 and 1.0.2 (CVE-2014-0160). Customers that
are running Linux and are using SSL could be affected by this issue and
should upgrade to a fixed version as soon as possible.

If you're using the Amazon Linux AMI, you can simply run "sudo yum update
openssl", and then restart any services using OpenSSL to protect any
at-risk instances.

Find more details and update instructions from the websites of your Linux
vendor of choice:
* Amazon Linux AMI:
https://aws.amazon.com/amazon-linux-ami/security-bulletins/ALAS-2014-320/
* Red Hat: https://rhn.redhat.com/errata/RHSA-2014-0376.html
* Ubuntu: http://www.ubuntu.com/usn/usn-2165-1/

Please note that several of the prominent Linux operating systems have
released fixed packages that still bear the OpenSSL 1.0.1e name.  Even
though the OpenSSL project released 1.0.1g as their newest software,
downstream Linux providers have in some cases elected to include just the
fix for CVE-2014-0160 in their packages in order to provide a small update
quickly. Updates to 1.0.1g are likely to come later.

For more information about this vulnerability, please visit
* AWS Security Bulletin page:
https://aws.amazon.com/security/security-bulletins/
* OpenSSL's official advisory:
https://www.openssl.org/news/secadv_20140407.txt
* The Heartbleed Bug: http://heartbleed.com/

Thank you,

AWS Security

Amazon Web Services, Inc. is a subsidiary of Amazon.com, Inc. Amazon.com is
a registered trademark of Amazon.com, Inc. This message was produced and
distributed by Amazon Web Services Inc., 410 Terry Ave. North, Seattle, WA
98109-5210

Regards,

Jason


On Wed, Apr 9, 2014 at 2:05 PM, lee colleton <lee at colleton.net> wrote:

> Sorry, I mean this in light of CVE-2014-0160 the Heartbleed OpenSSL bug
>
>
> On Wed, Apr 9, 2014 at 11:04 AM, lee colleton <lee at colleton.net> wrote:
>
>> I have relay(s) running in AWS. Will they auto-update? Do I need to take
>> any action?
>>
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20140409/d27ff551/attachment.html>

More information about the tor-relays mailing list