Wind River® is aware of and has analyzed the six recently announced OpenSSL vulnerabilities reported as CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, and CVE-2016-2176. In cases where there is susceptibility, the appropriate remediation is noted. For more details on these security vulnerabilities, see https://www.openssl.org/news/vulnerabilities.html#y2016.

Product Vulnerability Exposure


The following is a list of Wind River products and their vulnerability to these OpenSSL security vulnerabilities. For products that are affected, a link to the appropriate online support page is provided. (Links to workarounds and patches require a Wind River Support Network account.)



Product

Vulnerable

Versions

Remediation

Wind River Linux

Yes

8.x

Hot patch* http://edelivery.windriver.com/release/ols/K-505943-38450/0001-openssl-six-security-issue-on-WRL8.patch

Wind River Linux

Yes

7.x

Hot patch* http://edelivery.windriver.com/release/ols/K-505943-38448/0001-openssl-six-security-issue-on-WRL7.patch

Wind River Linux

Yes

6.x

Hot patch* http://edelivery.windriver.com/release/ols/K-505943-38447/0001-openssl-six-security-issue-on-WRL6.patch

Wind River Linux

Yes

5.0.1.x

Hot patch* http://edelivery.windriver.com/release/ols/K-505943-38446/0001-openssl-six-security-issue-on-WRL5.patch

Wind River Linux

Yes

4.3.0.x

Contact local customer support

Wind River Intelligent Device Platform

Yes

1.0, 2.0.x

Hot patch* http://edelivery.windriver.com/release/ols/K-505943-38446/0001-openssl-six-security-issue-on-WRL5.patch

Wind River Intelligent Device Platform XT

Yes

3.0.x

Hot patch* http://edelivery.windriver.com/release/ols/K-505943-38448/0001-openssl-six-security-issue-on-WRL7.patch



Note: *You need an account to access the patches.