as of now, support is unaware there is a fix being rolled out.
i would have been better served not speaking to them, let alone paying for aws support.
Wonder where this is even linked from?
Just used Zapier to set up a RSS-to-email trigger to get notified about things like this in the future, although Amazon really should be sending them out automatically to customers.
It detects new AWS security bulletin items and notifies you via Google Hangout.
VULNERABLE - zapier.com:443 has the heartbeat extension enabled and is vulnerable to CVE-2014-0160
SECURE - zapier.com:443 has the heartbeat extension enabled, but timed out after a malformed heartbeat (this likely means that it is not vulnerable)
I personally observed the OpenSSL disclosure on this on the New page of Hacker News prior to our blog post being made live (and prior to submitting it to HN). You can also verify this yourself by following the New page backwards.
The bigger question, though, is how much trust you can have with the kind of people who would zero-day most of the internet for a marketing exercise. Discrete notifications would have closed the vulnerability window for a lot of people (think e.g. stealthy AWS, Rackspace, etc. upgrades) and it's not clear to me that Codenomicon is likely to produce future tips of such value as to outweigh that.
When you combine Docker, buildpacks, and CoreOS, you get a scalable and flexible platform that you can run anywhere. It has taken people a long time to combine the simplicity of Heroku with the flexibility of bare metal, but the open source guys have finally put all the building blocks together.