Wind River Support Network

Fixed

LIN5-20449 : Security Advisory - openssl & openssh - CVE-2015-4000

Created: May 26, 2015    Updated: Dec 19, 2017
Resolved Date: May 29, 2015
Previous ID: LIN4-32640
Found In Version: 5.0.1.24
Fix Version: 5.0.1.27
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

A new security vulnerability called Logjam affects Diffie–Hellman key exchange.
It allows a man-in-the-middle network attacker to downgrade a TLS connection
to export-grade cryptography, allowing the attacker to read the exchanged
data and inject data into the connection:

http://en.wikipedia.org/wiki/Logjam_%28computer_security%29
https://weakdh.org/
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

We have recently scanned our products. All our releases are affected, and
several user space packages need to be modified. For some packages, such as
openssl and openssh, a series of patches needs to be integrated into the
source. The related packages are listed below:

Openssl
Openssh
Apache
Nginx
Lighttpd
Postfix
Dovecot

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
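
As a check that can accompany the fix, the following added example (not Wind River's code and not part of the patches) reads the prime size from a PKCS#3 "DH PARAMETERS" PEM file, the format TLS services load their Diffie–Hellman group from, and flags export-grade (512-bit) or otherwise small groups. The function names, the 2048-bit policy floor and the sample inputs are assumptions made for this example; the samples are constructed and do not contain real primes.

```python
import base64
import re

EXPORT_BITS = 512  # export-grade DHE group size that Logjam downgrades to
MIN_BITS = 2048    # assumed policy floor for this example; set to your baseline
PEM_RE = re.compile(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", re.S)

def _read_tlv(der, i, tag):
    """Read one definite-length DER element at offset i; return its content bytes."""
    if i + 2 > len(der) or der[i] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02x}")
    n, i = der[i + 1], i + 2
    if n >= 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, i = int.from_bytes(der[i:i + k], "big"), i + k
    if i + n > len(der):
        raise ValueError("truncated DER element")
    return der[i:i + n]

def dh_prime_bits(pem_text):
    """Bit length of the prime p in a PKCS#3 'DH PARAMETERS' PEM block."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    seq = _read_tlv(der, 0, 0x30)  # DHParameter ::= SEQUENCE { p, g, ... }
    p = _read_tlv(seq, 0, 0x02)    # first element: INTEGER p
    return int.from_bytes(p, "big").bit_length()

def classify(bits):
    if bits <= EXPORT_BITS:
        return "export-grade"
    return "weak" if bits < MIN_BITS else "ok"

def make_sample_pem(bits):
    """Constructed input: SEQUENCE{INTEGER p, INTEGER 2}; p is NOT a real prime."""
    def tlv(tag, body):
        n = len(body)
        k = (n.bit_length() + 7) // 8
        hdr = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
        return bytes([tag]) + hdr + body
    p = (1 << (bits - 1)) | 1
    der = tlv(0x30, tlv(0x02, p.to_bytes(bits // 8 + 1, "big")) + tlv(0x02, b"\x02"))
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN DH PARAMETERS-----\n" + b64 + "-----END DH PARAMETERS-----\n"

if __name__ == "__main__":
    for size in (512, 1024, 2048):  # constructed samples
        print(size, classify(dh_prime_bits(make_sample_pem(size))))
```

To audit a deployed service, pass the contents of its DH parameter file to `dh_prime_bits` in place of the constructed sample.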
