Ask / Submit
22

[request] fast critical security updates [answered]

asked 2014-11-27 17:02:40 +0300

lion gravatar image

Found that latest updated SailfishOS on jolla (1.0.8.21) have outdated OpenSSL 1.0.1h while most recent version is openssl 1.0.1j https://www.openssl.org/news/openssl-1.0.1-notes.html

I think such critical component must be updated more quickly, like in any other popular linux distribution.

edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by eric
close date 2014-11-28 15:57:27.971377

1 Answer

Sort by » oldest newest most voted
4

answered 2014-11-28 15:02:51 +0300

tigeli gravatar image

All the _vulnerabilities_ fixed on that openssl version are server side issues. Sure there is support for TLS_FALLBACK_SCSV but it is only to be used by applications which support protocol fallback (and would require support from application side as well).

The next update will however include the "j"-update.

edit flag offensive delete publish link more

Comments

No matter client or server side, server side packages like openssh depends from openssl too. There may be user client and server apps as well.

lion ( 2014-11-30 17:17:20 +0300 )edit

Question tools

Follow
3 followers

Stats

Asked: 2014-11-27 17:02:40 +0300

Seen: 325 times

Last updated: Nov 28 '14