Wind River Support Network

HomeDefectsLIN5-19569
Fixed

LIN5-19569 : Security Advisory - openssl - CVE-2014-3566

Created: Oct 16, 2014    Updated: Dec 19, 2017
Resolved Date: Oct 17, 2014
Previous ID: LIN4-31837
Found In Version: 5.0.1.20
Fix Version: 5.0.1.20
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

Other Downloads


Live chat
Online