Wind River Support Network

HomeSafety and Security NoticesWind River Security Alert for Wind River Linux 4.x/5.0.1.x/6.0.0.x

Recommended

Wind River Security Alert for Wind River Linux 4.x/5.0.1.x/6.0.0.x

Released: Aug 18, 2014 Updated: Aug 18, 2014

Summary

Wind River Security Alert for Wind River Linux 4.x/5.0.1.x/6.0.0.x

Affected Product Versions

Wind River Linux 4, Wind River Linux 5, Wind River Linux 6

Downloads

Description

This alert confirms that the Wind River Linux releases 4.3.0.x/5.0.1.x/6.0.0.x ARE SUSCEPTIBLE
to the following Vulnerabilities
- CVE-2014-5139
- CVE-2014-3512
- CVE-2014-3511
- CVE-2014-3510
- CVE-2014-3509
- CVE-2014-3508
- CVE-2014-3507
- CVE-2014-3506
- CVE-2014-3505

Additional information for each Wind River Linux release is provided below.

Wind River Linux 4.3.0.x
================

CVE-2014-5139 - not vulnerable
CVE-2014-3512 - not vulnerable
CVE-2014-3511 - vunlerable
CVE-2014-3510 - vunlerable
CVE-2014-3509 - vunlerable
CVE-2014-3508 - vunlerable
CVE-2014-3507 - vunlerable
CVE-2014-3506 - vunlerable
CVE-2014-3505 - vunlerable

How to apply the patch to 4.3.0.25

$cd /wrlinux-4/layers/updates/RCPL-4.3-WRL.0025/wrll-userspace
$patch -p1 < 0001-Fix-following-CVEs-for-4.3.0.25.patch

How to apply the patch to 4.3.0.26 (It will be released 30AUG)

$cd /wrlinux-4/layers/updates/RCPL-4.3-WRL.0026/wrll-userspace
$patch -p1 < 0001-Fix-following-CVEs-for-4.3.0.26.patch

Note: this vulnerabilities will be patched in Wind River Linux 4.3.0.27 scheduled for release 22SEP2014.

Wind River Linux 5.0.1.x
================

CVE-2014-5139 - vulnerable
CVE-2014-3512 - vulnerable
CVE-2014-3511 - vunlerable
CVE-2014-3510 - vunlerable
CVE-2014-3509 - vunlerable
CVE-2014-3508 - vunlerable
CVE-2014-3507 - vunlerable
CVE-2014-3506 - vunlerable
CVE-2014-3505 - vunlerable

How to apply the patch 5.0.1.17

1) configure project with .. --with-rcpl-version=0017
2) cd project/layers/oe-core
3) git am 0001-Fix-openssl-CVEs-for-5.0.1.17.patch

Note: this vulnerabilities will be patched in Wind River Linux 5.0.1.18 scheduled for release 30AUG2014.

Wind River Linux 6.0.0.x
================

CVE-2014-5139 - vulnerable
CVE-2014-3512 - vulnerable
CVE-2014-3511 - vunlerable
CVE-2014-3510 - vunlerable
CVE-2014-3509 - vunlerable
CVE-2014-3508 - vunlerable
CVE-2014-3507 - vunlerable
CVE-2014-3506 - vunlerable
CVE-2014-3505 - vunlerable

How to apply the patch 6.0.0.10

1) configure project with .. --with-rcpl-version=0010
2) cd project/layers/oe-core
3) git am 0001-Fix-openssl-CVEs-for-6.0.0.10.patch

Note this vulnerabilities will be patched in Wind River Linux 6.0.0.11 scheduled for release 30AUG2014.

For more information please contact Wind River Support at +1-800-872-4977 or your local Wind River representative.