[Commotion-dev] Fwd: OpenSSL vulnerability
Chris Ritzo
critzo at opentechinstitute.org
Wed Apr 9 12:42:00 EDT 2014
Ben,
Thanks for opening this discussion on the hearbleed exploit. This is
definitely an issue with OpenSSL on openwrt.
For Commotion, we are using cyassl rather than openssl, so it should be
less of an issue for Commotion. Due dilligence though, we are testing
the exploit against Commotion nodes running cyassl to confirm that we're ok.
-Chris
On 04/07/2014 10:16 PM, Ben West wrote:
> About the exploit:
> http://heartbleed.com/
>
> The fixed version (released recently) is 1.01g+:
> https://www.openssl.org/news/secadv_20140407.txt
>
> Trunk appears to be using 1.01f:
> https://dev.openwrt.org/browser/trunk/package/libs/openssl/Makefile
>
> AA is on 1.01e
> https://dev.openwrt.org/browser/tags/attitude_adjustment_12.09/package/openssl/Makefile?rev=40420
>
> --
> Ben West
> http://gowasabi.net
> ben at gowasabi.net <mailto:ben at gowasabi.net>
> 314-246-9434 <tel:314-246-9434>
>
>
>
> --
> Ben West
> http://gowasabi.net
> ben at gowasabi.net <mailto:ben at gowasabi.net>
> 314-246-9434
>
>
> _______________________________________________
> Commotion-dev mailing list
> Commotion-dev at lists.chambana.net
> https://lists.chambana.net/mailman/listinfo/commotion-dev
>
More information about the Commotion-dev
mailing list