OpenStack and Heartbleed

From DocWiki

(Difference between revisions)
Jump to: navigation, search
(Created page with "This page describes how the Heartbleed OpenSSL vulnerability affects OpenStack deployments made with the Cisco OpenStack Installer. * Ubuntu uses OpenSSL. Distributions of Ubunt...")
Line 11: Line 11:
* '''Deployments installed before April 7, 2014 are vulnerable.''' For older deployments, Cisco recommends that administrators:
* '''Deployments installed before April 7, 2014 are vulnerable.''' For older deployments, Cisco recommends that administrators:
*# Patch Ubuntu on all affected servers;
*# Patch Ubuntu on all affected servers;
-
*# Rekey their entire public-key infrastructure for all services that use OpenSSL; and
+
*# Rekey their entire public-key infrastructure for all services that use OpenSSL (including Puppet); and
*# Change all passwords.
*# Change all passwords.
The following links provide more information about Heartbleed and:
The following links provide more information about Heartbleed and:
* [http://www.ubuntu.com/usn/usn-2165-1/ How to patch Ubuntu, including Ubuntu 12.04 LTR (Precise)]
* [http://www.ubuntu.com/usn/usn-2165-1/ How to patch Ubuntu, including Ubuntu 12.04 LTR (Precise)]
-
* [http://puppetlabs.com/blog/heartbleed-security-bug-update-puppet-users OpenStack Components]
+
* [http://puppetlabs.com/blog/heartbleed-security-bug-update-puppet-users Puppet certificates]
-
* [https://wiki.openstack.org/wiki/OSSN/OSSN-0012 Puppet certificates]
+
* [https://wiki.openstack.org/wiki/OSSN/OSSN-0012 OpenStack]
[[Category:OpenStack]]
[[Category:OpenStack]]

Revision as of 20:56, 10 April 2014

This page describes how the Heartbleed OpenSSL vulnerability affects OpenStack deployments made with the Cisco OpenStack Installer.

  • Ubuntu uses OpenSSL. Distributions of Ubuntu that were available when Heartbleed was announced are vulnerable.
  • OpenStack clouds running on Ubuntu (including those installed by Cisco OSI) are therefore vulnerable.
  • Ubuntu has already been patched to close the vulnerability, and Cisco OpenStack Installer automatically updates to the newest patch when installed.

Therefore:

  • Deployments made on or after April 7, 2014 using Cisco OpenStack Installer are safe from the vulnerability.
  • Deployments installed before April 7, 2014 are vulnerable. For older deployments, Cisco recommends that administrators:
    1. Patch Ubuntu on all affected servers;
    2. Rekey their entire public-key infrastructure for all services that use OpenSSL (including Puppet); and
    3. Change all passwords.

The following links provide more information about Heartbleed and:

Rating: 0.0/5 (0 votes cast)

Personal tools