AWS-2014-003
April 08, 2014 We have reviewed all AWS services for impact for the issue described in CVE-2014-0160 (also known as the Heartbleed bug). With the exception of the services listed below, we have either determined that the services were unaffected or have been able to apply mitigations that do not require customer action. Elastic Load Balancing: We can confirm that all load balancers affected by the issue described in CVE-2014-0160 have now been updated in all Regions. If you are terminating your SSL connections on your Elastic Load Balancer, you are no longer vulnerable to the Heartbleed bug. As an added precaution, we recommend that you rotate your SSL certificates using the information provided in the Elastic Load Balancing documentation: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/US_UpdatingLoadBalancerSSL.htm l Amazon EC2: Customers using OpenSSL on their own Linux images should update their images in order to protect themselves from the Heartbleed bug described in CVE-2014-0160. Links for instructions on how to update several of the popular Linux offerings can be found below. As an added precaution, we recommend that you rotate any secrets or keys (e.…
Timeline
- Apr 9, 2014 PoC Published
- Oct 9, 2019 CVE Published
- Apr 11, 2025 PoC Published
- May 6, 2026 Distribution Patch
References
- AWS Services Updated to Address OpenSSL Vulnerability advisory
- http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/US_UpdatingLoadBalancerSSL.html web
- https://aws.amazon.com/amazon-linux-ami/security-bulletins/ALAS-2014-320/ web
- https://rhn.redhat.com/errata/RHSA-2014-0376.html web
- http://www.ubuntu.com/usn/usn-2165-1/ web
- https://forums.aws.amazon.com/ann.jspa?annID=2429 web
- http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html web