Wind River Support Network


Wind River Security Alert for Logjam Attack

Released: May 27, 2015     Updated: May 29, 2015

Summary

Wind River Security Alert for Logjam Attack


Affected Product Versions

Wind River Linux 4, Wind River Linux 5, Wind River Linux 6, Wind River Linux 7

Downloads


Description

Logjam is a newly disclosed security vulnerability affecting Diffie–Hellman
key exchange. It allows a man-in-the-middle network attacker to downgrade
a TLS connection to export-grade cryptography, and then to read the
exchanged data and inject data into the connection:

http://en.wikipedia.org/wiki/Logjam_%28computer_security%29
https://weakdh.org/
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

We recently scanned our products. All our releases are affected, and
several user-space packages need to be modified. For some packages,
such as openssl and openssh, a series of patches must be integrated into
the source.

The patches in The_fix_for_WRLinux4.3.tar.bz2 are for WRLinux 4.3 RCPL 29
The patches in The_fix_for_WRLinux5.0.1.tar.bz2 are for WRLinux 5.0.1.26
The patches in The_fix_for_WRLinux6.0.tar.bz2 are for WRLinux 6.0.0.20
The patches in The_fix_for_WRLinux7.0.tar.bz2 are for WRLinux 7.0.0.5

Untar the patches and apply them as follows:

WRLinux 4.3 RCPL 29
===============

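$ cd installdir/wrlinux-4/layers/updates/RCPL-4.3-WRL.0029/wrll-userspace/
# Apply each patch in turn; redirecting from *.patch fails when the glob matches several files
$ for p in *.patch; do patch -p1 < "$p"; done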

WRLinux 5.0.1.26/6.0.0.20/7.0.0.5
===============
# Configure a project first, then:
$ cd layers/oe-core
$ git am *.patch


We will also integrate the fixes into the next RCPL:

WRLinux 4.3 RCPL 30
WRLinux 5.0.1.27
WRLinux 6.0.0.20
WRLinux 7.0.0.6
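
To check which export-grade Diffie-Hellman suites an OpenSSL build still lists, the `openssl ciphers -v` output can be filtered as below. This is an added example, not Wind River code. The function names and the sample listing are constructed for illustration, and this alert does not state whether the fixes remove these suites.

```shell
#!/bin/sh
# Added example (not Wind River code): flag export-grade Diffie-Hellman
# suites in an `openssl ciphers -v` listing read from stdin.

# Print the name of every suite that is export-grade (name starts with EXP)
# and uses DH key exchange (third column starts with Kx=DH, e.g. Kx=DH(512)).
export_dh_suites() {
    awk '$1 ~ /^EXP/ && $3 ~ /^Kx=DH/ { print $1 }'
}

# Report the findings; return 1 if any export-grade DH suite is listed.
check_export_dh() {
    found=$(export_dh_suites)
    if [ -n "$found" ]; then
        printf 'export-grade DH suites listed:\n%s\n' "$found"
        return 1
    fi
    echo 'no export-grade DH suites listed'
}

# Constructed sample in the column layout printed by OpenSSL 1.0.x.
# EXP-RC4-MD5 is an RSA export suite, so the DH filter must skip it.
sample_listing() {
    cat <<'EOF'
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-ADH-RC4-MD5         SSLv3 Kx=DH(512)  Au=None Enc=RC4(40)   Mac=MD5  export
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EOF
}

# On a target, pipe the real listing instead:
#   openssl ciphers -v 'ALL' | check_export_dh
sample_listing | check_export_dh || echo 'result: exclude these suites from the cipher string'
```

Any suite it prints should be excluded from the cipher strings of TLS services on the target, for example by appending `!EXPORT` to the configured cipher list.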

