Wind River® is aware of and has analyzed the OpenSSL vulnerability known as Heartbleed. In cases where there is a vulnerability, the appropriate remediation is noted. For more details on this security vulnerability see http://heartbleed.com and CVE-2014-0160

Product Vulnerability Exposure


The following is a list of Wind River products and their vulnerability to the Heartbleed security vulnerability. For products that are affected, a link to the appropriate online support page is provided. (Links to workarounds and patches require a Wind River Support Network account.)



Product

Vulnerable

Versions

Remediation

VxWorks

No

5.x, 6.x, 7

 

Wind River Linux

Yes

5.0.1.x, 6.0.0.x

Hot patch* (https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=043287&docId=56294&_adf.ctrl-state=1mgs10qc7_39

Note: Linux 3.x, 4.x are not vulnerable

Wind River Intelligent Network Platform

Yes

3.4.x

Workaround* available https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=043291&_adf.ctrl-state=mo8dpxkl8_4

Wind River Intelligent Device Platform

Yes

1.0, 2.0.x

OpenSSL 1.0.0 is not affected (default)
OpenSSL 1.0.1e is vulnerable—hot patch* https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=043287&docId=56294&_adf.ctrl-state=1mgs10qc7_39

Wind River Intelligent Device Platform XT

 

2.0.x

OpenSSL 1.0.0 is not affected (default)
OpenSSL 1.0.1e is vulnerable—hot patch* https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=043287&docId=56294&_adf.ctrl-state=1mgs10qc7_39

Wind River products for Android

No

All

Note: This applies to Wind River value-add products for Android

Wind River Hypervisor

No

All

 

Wind River VxWorks MILS Platform

No

All

 

Wind River VxWorks 653 Platform

No

All

 

Wind River Open Virtualization

No

All

 

Wind River Workbench

No

All

 

Wind River Simics

No

All

 

Wind River Workbench On-Chip Debugging

No

All

 

Wind River Diab Compiler

No

All

 



Note: *You need an account to access the patches.