Ask / Submit
9

Status/Plan for latest openssl vulnerabilities (CVE 2014-0224 and others) [Fixed in Saapunki] [released]

asked 2014-06-06 08:40:31 +0300

lenggi gravatar image

updated 2014-06-11 15:47:51 +0300

chemist gravatar image

I wanted to ask what the plan is regarding the latest openssl vulnerabilities, especially CVE-2014-0224.

Can we expect it to be included with the June update (I am willing to another week if so) or would it rather be minor update as we had it with the mms fixes?

PS I would be kind of a bummer if this would have to wait until August...

The update was delayed by a few days to test this. So it is now fixed in Saapunki 1.0.7.16

edit retag flag offensive reopen delete

The question has been closed for the following reason "released in a software update" by chemist
close date 2014-06-11 15:48:08.207936

1 Answer

Sort by » oldest newest most voted
18

answered 2014-06-06 12:31:39 +0300

tigeli gravatar image

CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 will be fixed in the upcoming update.

edit flag offensive delete publish link more

Comments

Good to hear. However, did this cause extra delay? The GnuTLS library in the current release is broken as well. According to earlier comment, this will be fixed in the upcoming release too. But in the mean time, we're still vulnerable...

Fuzzillogic ( 2014-06-06 12:43:30 +0300 )edit

@Fuzzillogic If you're really worried you are a target for those exploits and you need a fix now you can upgrade the library yourself . And accept potential breakage that comes with the update.

The sane answer is. Sit back and relax, have nice $favourite_beverage and wait for the update that is coming soon ;)

Philippe De Swert ( 2014-06-06 13:52:52 +0300 )edit

Do we have an ETA for 'upcoming'?

strongm ( 2014-06-06 15:11:23 +0300 )edit

@Fuzzillogic Yes, it causes extra delay as we need to make sure everything still works after patching the openssl.

@strongm No, we do not have publicly available ETA other than early June. :)

tigeli ( 2014-06-06 17:56:41 +0300 )edit
2

Excellent! We'll soon be running out of early June ... ;-)

strongm ( 2014-06-07 01:10:29 +0300 )edit

Question tools

Follow
2 followers

Stats

Asked: 2014-06-06 08:40:31 +0300

Seen: 678 times

Last updated: Jun 11 '14