Wind River® is aware of and has analyzed the OpenSSL vulnerability known as Heartbleed. In cases where there is a vulnerability, the appropriate remediation is noted. For more details on this security vulnerability see http://heartbleed.com and CVE-2014-0160
Product Vulnerability Exposure
The following is a list of Wind River products and their vulnerability to the Heartbleed security vulnerability. For products that are affected, a link to the appropriate online support page is provided. (Links to workarounds and patches require a Wind River Support Network account.)
Product |
Vulnerable |
Versions |
Remediation |
VxWorks |
No |
5.x, 6.x, 7 |
|
Wind River Linux |
Yes |
5.0.1.x, 6.0.0.x |
Note: Linux 3.x, 4.x are not vulnerable |
Wind River Intelligent Network Platform |
Yes |
3.4.x |
Workaround* available https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=043291&_adf.ctrl-state=mo8dpxkl8_4 |
Wind River Intelligent Device Platform |
Yes |
1.0, 2.0.x |
OpenSSL 1.0.0 is not affected (default) |
Wind River Intelligent Device Platform XT |
|
2.0.x |
OpenSSL 1.0.0 is not affected (default) |
Wind River products for Android |
No |
All |
Note: This applies to Wind River value-add products for Android |
Wind River Hypervisor |
No |
All |
|
Wind River VxWorks MILS Platform |
No |
All |
|
Wind River VxWorks 653 Platform |
No |
All |
|
Wind River Open Virtualization |
No |
All |
|
Wind River Workbench |
No |
All |
|
Wind River Simics |
No |
All |
|
Wind River Workbench On-Chip Debugging |
No |
All |
|
Wind River Diab Compiler |
No |
All |
|
Note: *You need an account to access the patches.