We have provided OpenSSL patches through our standard stack upgrade path. For notes on this process, please visit: https://support.cloud.engineyard.com/entries/89894297-Engine-Yard-Release-Notes-March-2015#20150320
Mar 30, 20:40 UTC
Engine Yard is aware of the recently announced vulnerability in the OpenSSL protocol. The affected versions are 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf. The announcement’s high-risk vulnerability pertains only to 1.0.2, which is not applicable to Engine Yard’s application stacks, and therefore poses no risk. However, versions 1.0.1k, 1.0.0p, and 0.9.8zd are applicable as medium-severity risk. The following CVEs are involved, but detailed information has not been publicly disclosed at this time:
Once OpenSSL has released further information and the recommended patches, we will begin the process of reviewing, testing, and integrating.
Further updates can be found in our Security Known Issue article here: https://support.cloud.engineyard.com/entries/90876027-OpenSSL-vulnerabilities-reported
Mar 18, 18:32 UTC