Wind River Support Network


LIN6-8581 : Security Advisory - openssl - CVE-2014-3568

Created: Oct 19, 2014    Updated: Dec 3, 2018
Resolved Date: Oct 19, 2014
Previous ID: LIN4-31843
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace


OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol

Some client applications (such as browsers) will reconnect using a
downgraded protocol to work around interoperability bugs in older
servers. This could be exploited by an active man-in-the-middle to
downgrade connections to SSL 3.0 even if both sides of the connection
support higher protocols. SSL 3.0 contains a number of weaknesses
including POODLE (CVE-2014-3566).

Other Downloads

Live chat