OpenStack and Heartbleed
This page describes how the Heartbleed OpenSSL vulnerability affects OpenStack deployments made with the Cisco OpenStack Installer.
- Ubuntu uses OpenSSL. Distributions of Ubuntu that were available when Heartbleed was announced are vulnerable.
- OpenStack clouds running on Ubuntu (including those installed by Cisco OSI) are therefore vulnerable.
- Ubuntu has already been patched to close the vulnerability, and Cisco OpenStack Installer automatically updates to the newest patch when installed.
- Deployments made on or after April 7, 2014 using Cisco OpenStack Installer are safe from the vulnerability.
- Deployments installed before April 7, 2014 are vulnerable. For older deployments, Cisco recommends that administrators:
- Patch Ubuntu on all affected servers;
- Rekey their entire public-key infrastructure and create new certificates for all services that use OpenSSL (including Puppet); and
- Change all passwords.
The following links provide more information about Heartbleed and: