maemo.org Bugzilla – Bug 12687
Update OpenSSL to 0.9.8y
Last modified: 2013-02-10 14:31:50 UTC
You need to
before you can comment on or make changes to this bug.
Version of OpenSSL in Fremantle CSSU (at least stable flavour) is 0.9.8n. All
versions older than 0.9.8y are know to be vernulable to recently discovered
attack called "Lucky Thirteen": http://www.isg.rhul.ac.uk/tls/
Accoriding to that web page, versions 1.0.1d, 1.0.0k and 0.9.8y are safe, and
version on our devices is 0.9.8n (so we need an upgrade from 0.9.8n -> 0.9.8y,
as this one should be, at least in theory, pretty simple and straightforward).