We have moved to a new Sailfish OS Forum. Please start new discussions there.

[request] fast critical security updates [answered]

asked 2014-11-27 17:02:40 +0300

lion
281 ●4 ●6 ●7

Found that latest updated SailfishOS on jolla (1.0.8.21) have outdated OpenSSL 1.0.1h while most recent version is openssl 1.0.1j https://www.openssl.org/news/openssl-1.0.1-notes.html

I think such critical component must be updated more quickly, like in any other popular linux distribution.

edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by eric
close date 2014-11-28 15:57:27.971377

1 Answer

Sort by » oldest newest most voted

answered 2014-11-28 15:02:51 +0300

tigeli

9543 ●111 ●112 ●130

admin

All the _vulnerabilities_ fixed on that openssl version are server side issues. Sure there is support for TLS_FALLBACK_SCSV but it is only to be used by applications which support protocol fallback (and would require support from application side as well).

The next update will however include the "j"-update.

edit flag offensive delete publish link

Comments

No matter client or server side, server side packages like openssh depends from openssl too. There may be user client and server apps as well.

lion ( 2014-11-30 17:17:20 +0300 )edit

Question tools

3 followers

Stats

Asked: 2014-11-27 17:02:40 +0300

Seen: 407 times

Last updated: Nov 28 '14

[request] fast critical security updates [answered]

The question has been closed for the following reason "the question is answered, an answer was accepted" by eric close date 2014-11-28 15:57:27.971377

1 Answer

Comments

Question tools

Public thread

Stats

Related questions

The question has been closed for the following reason "the question is answered, an answer was accepted" by eric
close date 2014-11-28 15:57:27.971377