The following defect(s) have been fixed in this cumulative patch for the Wind River apache-ssl:
WIND00311483 Security Advisory - Apache - CVE-2011-3368
WIND00281596 Security Advisory - Apache - CVE-2011-1752
WIND00347675 Security Advisory - apache - CVE-2012-0883
WIND00394606 Security Advisory - apache - CVE-2012-4557
----------------------------------------------------------------------------------------
Change List:
/layers/wrll-wrlinux/dist/apache-ssl/Makefile
/layers/wrll-wrlinux/dist/apache-ssl/apache-ssl.spec
/layers/wrll-wrlinux/dist/apache-ssl/patches/apache-CVE-2012-4557.patch
/layers/wrll-wrlinux/dist/apache-ssl/patches/apache-fix-CVE-2011-3368.patch
/layers/wrll-wrlinux/dist/apache-ssl/patches/httpd-2.2.8-CVE-2011-1752.patch
/layers/wrll-wrlinux/dist/apache-ssl/patches/apache-CVE-2012-0883.patch
/layers/wrll-wrlinux/dist/apache-ssl/patches/patches.list
Requires Wind River Linux Secure 1.0 to be installed
1. Unzip this patch under [install_dir]/updates
2. From the [install_dir]/updates directory, run the command "../maintenance/wrInstaller/x86-linux2/wrInstaller"
3. Follow the instructions for installing the point patch.
4. This is a source only patch so you will have to rebuild the apache-ssl package. This can be done by executing the command "make -C build apache-ssl.distclean" followed by "make -C build apache-ssl.rebuild"
5. Run "make fs" next
6. Upload the kernel and rootfs into the target and boot it up.
DATE: 21 Mar 2013
REVISION: file WRLS_1_0-base-tgt-apache-ssl-20120509-spin1.zip replaced with WRLS_1_0-base-tgt-apache-ssl-20130109-spin1.zip and includes fix to defect WIND00394606
DATE: 30 May 2012
REVISION: file WRLS_1_0-base-tgt-apache-ssl-20120216-spin1.zip replaced with WRLS_1_0-base-tgt-apache-ssl-20120509-spin1.zip and includes fix to defect WIND00347675
DATE: 21 Feb 2012
REVISION: Add file WRLS_1_0-base-tgt-apache-ssl-20120216-spin1.zip and includes fix to defect WIND00311483 WIND00281596