Is AWS, specifically the load balancer service affected by SSL "Heart Bleed" exploit?

Abram picture Abram · Apr 8, 2014 · Viewed 13.8k times · Source

I can't find information on what versions they're using. I'd expect AWS to make a statement about this, because it's a pretty big deal, but again, can't find anything.

To answer my own question, YES it is vulnerable. Use this site to test:

http://filippo.io/Heartbleed/

Answer

user3512472 picture user3512472 · Apr 8, 2014

Your question sounds very similar to this thread on AWS Forums:

https://forums.aws.amazon.com/thread.jspa?messageID=535235&tstart=0

If you have not checked that before, in short; Yes AWS ELBs are affected by heartbleed and Amazon released this statement mentioning they are working on it:

http://aws.amazon.com/security/security-bulletins/heartbleed-bug-concern/

They have not provided a timeline yet.

For Amazon Linux images, patch is available through yum repositories. (Updated package: openssl-1.0.1e-37.66.amzn1)