OpenBMC CVE issues in openssl
Wang, Kuiying
kuiying.wang at intel.com
Tue Sep 24 12:25:56 AEST 2019
Hi Brad,
Openssl is already upgrade to 1.1.1d, so please help sync to the latest version.
https://github.com/openembedded/openembedded-core/tree/master/meta/recipes-connectivity/openssl
Please let me know, if you need me to submit patch for this upgrading.
Thanks,
Kwin.
> Hi,
>
> Some openssl vulnerabilities are found by security scan on latest OpenBMC
> which is using openssl 1.1.1c
>
> CVE-2019-1549
> CVE-2019-1563
> CVE-2019-1547
>
> They are fixed in latest openssl version 1.1.1d.
>
> Do we have plan to upgrade openssl recently?
>
> Thanks
I don't think 1.1.1d has landed upstream yet. If you update oe-core to
1.1.1d I will pick it up once it lands there.
-brad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20190924/377a254f/attachment.htm>
More information about the openbmc
mailing list