Amazon Linux AMI : openssl Information Disclosure Vulnerability (ALAS-2014-320)
High Nessus Plugin ID 73438
Synopsis
The remote Amazon Linux AMI host is missing a security update.
Description
A missing bounds check was found in the way OpenSSL handled TLS
heartbeat extension packets. This flaw could be used to reveal up to
64k of memory from a connected client or server.
Solution
Run 'yum update openssl' to update your system and restart all
services that are using openssl. While the new package is still
named openssl-1.0.1e, it does contain the fix for CVE-2014-0160.