Wind River Support Network

Fixed

LIN6-9929 : Security Advisory - openssl & openssh - CVE-2015-4000

Created: May 26, 2015    Updated: Dec 3, 2018
Resolved Date: May 29, 2015
Previous ID: LIN4-32641
Found In Version: 6.0.0.18
Fix Version: 6.0.0.21
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

Logjam is a new security vulnerability in Diffie–Hellman key exchange.
It allows a man-in-the-middle network attacker to downgrade a TLS
connection to export-grade cryptography, and then to read the exchanged
data and inject data into the connection:

http://en.wikipedia.org/wiki/Logjam_%28computer_security%29
https://weakdh.org/
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

We have scanned our products. All of our releases are affected, and
several user space packages need to be modified. For some packages,
such as openssl and openssh, a series of patches needs to be integrated
into the source. The related packages are listed below:

Openssl
Openssh
Apache
Nginx
Lighttpd
Postfix
Dovecot

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
