Wind River Security Alert for Logjam Attack
There is a new security vulnerability called Logjam that affects the
Diffie–Hellman key exchange. It allows a man-in-the-middle network attacker
to downgrade a TLS connection to export-grade cryptography, and then to read
the exchanged data and inject data into the connection:
http://en.wikipedia.org/wiki/Logjam_%28computer_security%29
https://weakdh.org/
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
We have scanned our products. All our releases are affected, and several
user space packages need to be modified. For some packages, such as openssl
and openssh, a series of patches needs to be integrated into the source.
The patches in The_fix_for_WRLinux4.3.tar.bz2 are for WRLinux 4.3 RCPL 29
The patches in The_fix_for_WRLinux5.0.1.tar.bz2 are for WRLinux 5.0.1.26
The patches in The_fix_for_WRLinux6.0.tar.bz2 are for WRLinux 6.0.0.20
The patches in The_fix_for_WRLinux7.0.tar.bz2 are for WRLinux 7.0.0.5
Untar the patches and apply them to the matching release:
WRLinux 4.3 RCPL 29
===============
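$ cd installdir/wrlinux-4/layers/updates/RCPL-4.3-WRL.0029/wrll-userspace/
# Apply each patch in turn; a redirect cannot take a glob that matches several files.
$ for p in *.patch; do patch -p1 < "$p"; done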
WRLinux 5.0.1.26/6.0.0.20/7.0.0.5
===============
Configure a project, then:
$ cd layers/oe-core
$ git am *.patch
BTW, we will integrate the fixes into the next RCPL:
WRLinux 4.3 RCPL 30
WRLinux 5.0.1.27
WRLinux 6.0.0.20
WRLinux 7.0.0.6
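
A local check for the export-grade Diffie-Hellman suites that the downgrade described above depends on, as an added example (not Wind River's code): it filters an OpenSSL-style cipher list and flags only the export DHE/ADH names. The function name logjam_export_dh and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag export-grade Diffie-Hellman cipher suites in an
# expanded OpenSSL cipher list read from stdin. Input may be colon-separated
# (as `openssl ciphers` prints it) or one name per line.

# Prints each export-grade DHE/ADH suite found.
# Exit status: 1 if at least one was found, 0 if none.
logjam_export_dh() {
    tr ':' '\n' | awk '
        { gsub(/[ \t\r]/, "") }              # tolerate padding and CRLF input
        # OpenSSL export DH names: EXP-EDH-*, EXP-DHE-*, EXP-ADH-*, EXP1024-DHE-*
        /^EXP(1024)?-(EDH|DHE|ADH)-/ { print; found = 1 }
        END { exit found + 0 }
    '
}

# Constructed sample list: two export DH suites, one export RSA suite
# (EXP-RC4-MD5, which is not a Diffie-Hellman suite), and three non-export suites.
SAMPLE_CIPHERS='ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-RC4-MD5:EXP-ADH-RC4-MD5:AES128-SHA'

if flagged=$(printf '%s\n' "$SAMPLE_CIPHERS" | logjam_export_dh); then
    echo "no export-grade DH suites in the list"
else
    echo "export-grade DH suites still enabled:"
    echo "$flagged"
fi

# On a target with openssl installed, the same filter can be fed the
# expansion of a cipher string, for example:
#   openssl ciphers 'DEFAULT' | logjam_export_dh
```

An empty result only shows that the listed suites exclude export-grade DH; it does not measure the size of the DH parameters a server uses.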