[yocto] openssl and heartbleed

Michael Halstead michael at yoctoproject.org
Wed Apr 16 15:42:43 PDT 2014


On 04/14/2014 07:41 AM, Martin Jansa wrote:
> On Mon, Apr 14, 2014 at 02:37:52PM +0000, Richard Schmitt wrote:
>> Does the Yocto project plan to have some response to the heartbleed exploit in openssl in the near term?  Has this already been addressed?
> It was already addressed for master, daisy, dora and dylan.
It's a separate issue but as far as the yoctoproject.org infrastructure
is concerned our primary SSL termination server runs OpenSSL 0.9.8k and
was not vulnerable to heartbleed. Other servers were not publicly
accessible and were patched quickly after the announcement. On the build
hosts the only running service linked linked against OpenSSL was NTP. We
discussed this on the
https://www.yoctoproject.org/tools-resources/community/weekly-technical-call
the day after heartbleed was announced.

Michael Halstead
Yocto Project / Sys Admin

>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20140416/d4d3063e/attachment.html>


More information about the yocto mailing list