Wind River Support Network

HomeSafety and Security NoticesWind River Security Alert for Logjam Attack

Wind River Security Alert for Logjam Attack

Released: May 27, 2015     Updated: May 29, 2015


Wind River Security Alert for Logjam Attack

Affected Product Versions

Wind River Linux 4, Wind River Linux 6, Wind River Linux 7, Wind River Linux 5



There is a new security vulnerability called Logjam focused on Diffie–Hellman.
This vulnerability allows a man-in-the-middle network attacker to downgrade
a TLS connection to use export-grade cryptography, allowing him to read the
exchanged data and inject data into the connection:

These days we scanned our products. All our releases are affected and
several user space packages need to be modified for it. For some packages
like openssl and openssh, a serial patches are needed to be integrated into
source file.

The patches in The_fix_for_WRLinux4.3.tar.bz2 are for WRLinux 4.3 RCPL 29
The patches in The_fix_for_WRLinux5.0.1.tar.bz2 are for WRLinux
The patches in The_fix_for_WRLinux6.0.tar.bz2 are for WRLinux
The patches in The_fix_for_WRLinux7.0.tar.bz2 are for WRLinux

Untar the patches and apply the patches to

WRLinux 4.3 RCPL 29

$cd installdir/wrlinux-4/layers/updates/RCPL-4.3-WRL.0029/wrll-userspace/
$patch -p1 < *.patch

$configure a project
$cd layers/oe-core
$git am *.patch

BTW, we will integrate the fixes into next RCPL

WRLinux 4.3 RCPL 30

Live chat