[Commotion-dev] Fwd: OpenSSL vulnerability

Josh King jking at opentechinstitute.org
Wed Apr 9 17:32:32 EDT 2014


Thanks Seamus! That's good news.

On 04/09/2014 02:14 PM, Seamus Tuohy wrote:
> Just used the current nmap-script heartbleed vulnerability test. Per
> that test the routers are not vulnerable as they closed the connection
> and returned no data.
> 
> 
> s2e
> 
> On 04/09/2014 12:42 PM, Chris Ritzo wrote:
>> Ben,
>> Thanks for opening this discussion on the heartbleed exploit. This is
>> definitely an issue with OpenSSL on openwrt.
>>
>> For Commotion, we are using cyassl rather than openssl, so it should be
>> less of an issue for Commotion. Due diligence though, we are testing
>> the exploit against Commotion nodes running cyassl to confirm that we're ok.
>>
>> -Chris
>>
>>
>> On 04/07/2014 10:16 PM, Ben West wrote:
>>> About the exploit:
>>> http://heartbleed.com/
>>>
>>> The fixed version (released recently) is 1.01g+:
>>> https://www.openssl.org/news/secadv_20140407.txt
>>>
>>> Trunk appears to be using 1.01f:
>>> https://dev.openwrt.org/browser/trunk/package/libs/openssl/Makefile
>>>
>>> AA is on 1.01e
>>> https://dev.openwrt.org/browser/tags/attitude_adjustment_12.09/package/openssl/Makefile?rev=40420
>>>
>>> -- 
>>> Ben West
>>> http://gowasabi.net
>>> ben at gowasabi.net
>>> 314-246-9434
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Commotion-dev mailing list
>>> Commotion-dev at lists.chambana.net
>>> https://lists.chambana.net/mailman/listinfo/commotion-dev
>>>
>>
> 

-- 
Josh King
Lead Technologist
The Open Technology Institute
http://opentechinstitute.org
PGP Fingerprint: 8269 ED6F EA3B 7D78 F074 1E99 2FDA 4DA1 69AE 4999
