OpenStack and Heartbleed

From DocWiki

Jump to: navigation, search

This page describes how the Heartbleed OpenSSL vulnerability affects OpenStack deployments made with the Cisco OpenStack Installer.

  • Ubuntu uses OpenSSL. Distributions of Ubuntu that were available when Heartbleed was announced are vulnerable.
  • OpenStack clouds running on Ubuntu (including those installed by Cisco OSI) are therefore vulnerable.
  • Ubuntu has already been patched to close the vulnerability, and Cisco OpenStack Installer automatically updates to the newest patch when installed.

Therefore:

  • Deployments made on or after April 7, 2014 using Cisco OpenStack Installer are safe from the vulnerability.
  • Deployments installed before April 7, 2014 are vulnerable. For older deployments, Cisco recommends that administrators:
    1. Patch Ubuntu on all affected servers;
    2. Rekey their entire public-key infrastructure and create new certificates for all services that use OpenSSL (including Puppet); and
    3. Change all passwords.

The following links provide more information about Heartbleed and:

Rating: 0.0/5 (0 votes cast)

Personal tools