OpenBMC CVE issues in openssl

Brad Bishop bradleyb at fuzziesquirrel.com
Thu Sep 19 00:49:30 AEST 2019


at 2:05 AM, Xu, Qiang <qiang.xu at linux.intel.com> wrote:

> Hi,
>
> Some openssl vulnerabilities are found by security scan on latest OpenBMC  
> which is using openssl 1.1.1c
>
> CVE-2019-1549
> CVE-2019-1563
> CVE-2019-1547
>
> They are fixed in latest openssl version 1.1.1d.
>
> Do we have plan to upgrade openssl recently?
>
> Thanks

I don’t think 1.1.1d has landed upstream yet.  If you update oe-core to  
1.1.1d I will pick it up once it lands there.

-brad


More information about the openbmc mailing list