0 Replies Latest reply on Aug 14, 2015 8:55 AM by ahazelton

    Edison & openSSL security

    ahazelton

      I happened to received a security warning notice about a problem with openSSL (see their web site for details) and i checked to see what version Edison uses.....it appears to use an affected version so please make sure you manually update to a fixed version until the fix gets propagated into the default build.

      regards

      andyH_intel

       

       

      opkg info openssl

      Package: openssl

      Version: 1.0.1m-r0

      Depends: libssl1.0.0 (>= 1.0.1m), libc6 (>= 2.20), libcrypto1.0.0 (>= 1.0.1m)

      Status: install ok installed

      Section: libs/network

      Architecture: core2-32

      Maintainer: Poky <poky@yoctoproject.org>

      MD5Sum: aebc8206880246cb066195904093b6c5

      Size: 209888

      Filename: openssl_1.0.1m-r0_core2-32.ipk

      Source: http://www.openssl.org/source/openssl-1.0.1m.tar.gz file://configure-targets.patch file://shared-libs.patch file://oe-ldflags.patch file://engines-install-in-libdir-ssl.patch file://openssl-fix-link.patch file://debian/version-script.patch file://debian/pic.patch file://debian/c_rehash-compat.patch file://debian/ca.patch file://debian/make-targets.patch file://debian/no-rpath.patch file://debian/man-dir.patch file://debian/man-section.patch file://debian/no-symbolic.patch file://debian/debian-targets.patch file://openssl_fix_for_x32.patch file://fix-cipher-des-ede3-cfb1.patch file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch file://initial-aarch64-bits.patch file://find.pl file://openssl-fix-des.pod-error.patch file://Makefiles-ptest.patch file://ptest-deps.patch file://run-ptest

      Description: Secure Socket Layer  Secure Socket Layer (SSL) binary and related

      cryptographic tools.

      Installed-Time: 1434708655