-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all, Following the Debian Security Announcement 3142 [1] addressing CVE-2015-0235 [2], updated AMIs for Wheezy are now available as 7.8.aws.1 that incorporate the updated libc6 package in the image. These AMIs are listed at:
https://wiki.debian.org/Cloud/AmazonEC2Image/Wheezy || '''Region''' || '''hvm x86_64 ebs''' || '''paravirtual i386 ebs''' || '''paravirtual x86_64 ebs''' || '''paravirtual x86_64 instance-store''' || || ap-northeast-1 || ami-b25d44b3 || ami-c05e47c1 || ami-e05c45e1 || ami-745c4575 || || ap-southeast-1 || ami-aeb49ffc || ami-c08ba092 || ami-008ba052 || ami-6a8ba038 || || ap-southeast-2 || ami-6b770351 || ami-f17703cb || ami-b777038d || ami-4f770375 || || eu-central-1 || ami-98043785 || ami-c80437d5 || ami-b60437ab || ami-8a043797 || || eu-west-1 || ami-61e56916 || ami-1be06c6c || ami-e7e66a90 || ami-c9e569be || || sa-east-1 || ami-3d8b3720 || ami-6b8b3776 || ami-558b3748 || ami-2f8b3732 || || us-east-1 || ami-e0efab88 || ami-e6eeaa8e || ami-baeda9d2 || ami-74efab1c || || us-west-1 || ami-b4869ff1 || ami-a8b9a0ed || ami-c0b9a085 || ami-70b9a035 || || us-west-2 || ami-431a4273 || ami-051b4335 || ami-f91a42c9 || ami-a31a4293 || || us-gov-west-1 || ami-d13455f2 || ami-d53455f6 || ami-d73455f4 || - || || cn-north-1 || ami-48029071 || - || ami-5c029065 || - || HVM AMIs with Debian Wheezy are experimental, as they use extlinux as the boot loader. I'll be pushing this to the AWS Marketplace team very shortly (replacing our just released 7.8 AMIs that are now in Marketplace). I'll announce the deprecation of the 7.8 and 7.7 AMIs in a few days (and we'll use long schedules for these to be de-circulated). I highly recommend anyone currently running a Debian image to apply pending updates via apt/aptitude/etc as you would off cloud; check out the "unattended-upgrades" package to help automate applying security upgrades. People doing this will have already picked up this update. Also check out clout-init data format for your UserData scripts to tell your fresh instance to update & upgrade packages (check out the example on [4]). Be sure to check all your AutoScale group Launch Configurations if you reference AMIs, as well as any CloudFormation templates and other scripts that may refer to the existing AMI ID. Some other notes while you're here: * I recommend that anyone running an i386 image start to plan their migration to amd64. This may mean looking at things like MultiArch[3] to run 32bit binaries on 64 bit operating systems * With the release of Jessie pending, HVM will be the preferred virtualisation platform for us; I imagine post Jessie+1 we wont have i386 or PVM architectures any more. We have been generating test images for Jessie for some time[4], and I welcome feedback on them. James [1] https://www.debian.org/security/2015/dsa-3142 [2] https://security-tracker.debian.org/tracker/CVE-2015-0235 [3] https://wiki.debian.org/Multiarch/HOWTO [4] https://wiki.debian.org/Cloud/AmazonEC2Image/Jessie - -- /Mobile:/ +61 422 166 708, /Email:/ james_AT_rcpt.to -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) iQIcBAEBAgAGBQJUyQGdAAoJEK7IKHSdhcU8bYMP/jqvpeifb/XLBPXlMElXsHyO SKalyoN44o4s+4O4QS2nJXxZ+RXTsyo18eSUHnr5kTLRHGS7g2e4bdKlK1v0YDo/ TW1FsaXd7AHdZ7tCO0q3hiIKmWtLJNkOOKltZC3OcyfNJV4cCpaX6L9toYhJ+Phr etZa6YB5jTiapHgYMDwPD7DIBG9Dt7eK0CFjlMwNo5yPCzS2KwffzB4vvASMh292 0gLjXuspj4eiwtKKfF5qyyS4KU+B8Q7DIRh13GxFDJl8AISPNjxKPV/eEoHh5qJY fLxbuQrMYpjct7Cy+wPKqWygoHGBK+K8vY9Ki69zkAyL2Elm8xgn4nPZlT5DnrrZ 3KrdDqUxpgfpNx51SV/QMuADWo/QXmSASRgJ9+z4YFGibeEptmakKvxMlVhfHNxv w/PPoeBQknaXE6y7q4HN8W4lQ9/F2gWPxuUak3poys+v+g4P15YUx8u4qpK52NmN /bl8kDOOX6E5XVWnmrSoUW2ZxPU0+Y3HcnUBSvXA7FxuB0VDs2TIaHDdTmCoZ512 OjiVCE0wdaHJFZG1G7Fsf8SpnauZQWRnS0nHFX3sznItevpReG7EcysEb2LvIt+C jCOx0GTMf6lXvH7t5gmMTg/Cn7xJkpT8/JJLCdRQHxZ3xM7OYsvId8ShuDallA4h Ze9QbaKSkoCiSNl5Im1D =sKJP -----END PGP SIGNATURE-----
