Bug 12687 - Update OpenSSL to 0.9.8y
: Update OpenSSL to 0.9.8y
Status: UNCONFIRMED
Product: Maemo 5 Community SSU
general
: unspecified
: N900 Maemo
: Unspecified critical with 1 vote (vote)
: ---
Assigned To: unassigned
: general
:
:
:
:
  Show dependency tree
 
Reported: 2013-02-10 14:31 UTC by Bartosz Miśkiewicz
Modified: 2013-02-10 14:31 UTC (History)
0 users (show)

See Also:


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description Bartosz Miśkiewicz (reporter) 2013-02-10 14:31:50 UTC
Version of OpenSSL in Fremantle CSSU (at least stable flavour) is 0.9.8n. All
versions older than 0.9.8y are know to be vernulable to recently discovered
attack called "Lucky Thirteen": http://www.isg.rhul.ac.uk/tls/

Accoriding to that web page, versions 1.0.1d, 1.0.0k and 0.9.8y are safe, and
version on our devices is 0.9.8n (so we need an upgrade from 0.9.8n -> 0.9.8y,
as this one should be, at least in theory, pretty simple and straightforward).