OpenBMC CVE issues in openssl
Brad Bishop
bradleyb at fuzziesquirrel.com
Thu Sep 19 00:49:30 AEST 2019
at 2:05 AM, Xu, Qiang <qiang.xu at linux.intel.com> wrote:
> Hi,
>
> Some openssl vulnerabilities are found by security scan on latest OpenBMC
> which is using openssl 1.1.1c
>
> CVE-2019-1549
> CVE-2019-1563
> CVE-2019-1547
>
> They are fixed in latest openssl version 1.1.1d.
>
> Do we have plan to upgrade openssl recently?
>
> Thanks
I don’t think 1.1.1d has landed upstream yet. If you update oe-core to
1.1.1d I will pick it up once it lands there.
-brad
More information about the openbmc
mailing list