Amazon Linux AMI : openssl Information Disclosure Vulnerability (ALAS-2014-320)
High Nessus Plugin ID 73438
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionA missing bounds check was found in the way OpenSSL handled TLS heartbeat extension packets. This flaw could be used to reveal up to 64k of memory from a connected client or server.
SolutionRun 'yum update openssl' to update your system and restart all services that are using openssl. While the new package is still named openssl-1.0.1e, it does contain the fix for CVE-2014-0160.