2015/01/28 7:45 AM PST - Update

AWS Elastic Beanstalk - Updates for Elastic Beanstalk have been completed and are ready for our customers to apply to their environments. Customers with existing environments will need to take action, please see the Elastic Beanstalk forum announcement (https://forums.aws.amazon.com/ann.jspa?annID=2855) for specific steps to patch your environment. All new environments launched after 2015/1/28 @ 6AM PST will have the patches installed and will require no further actions from our customers.




2015/01/27 4:00 PM PST - Update

We have reviewed CVE-2015-0235. Our services are not affected, except as noted below.

AWS Elastic Beanstalk – Updates are currently being deployed. Our next update will include specific steps customers should take to finalize the update process.

We will update this bulletin within 24 hours.





2015/01/27 1:45 PM PST - Update

Amazon Linux AMI - An updated glibc-2.17-55.93.amzn1 has been released to our "latest" repositories which addresses CVE-2015-0235. Once the update has been applied to your environment, reboot your instance to ensure that all processes and daemons that link against glibc are using the updated version.

Even on new instance launches, you should still reboot after cloud-init has automatically applied this update. We will be issuing an updated Amazon Linux AMI to provide customers with fresh AMIs that do not need this update to be applied.

For additional information regarding this update, please see our Amazon Linux AMI Security update post at https://alas.aws.amazon.com/ALAS-2015-473.html





2015/01/27 12:20 PM PST

We are aware of the Security Advisory for CVE-2015-0235 posted by Qualys at https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt.

We are currently reviewing AWS Services and will update this bulletin within 24 hours.