Wind River® is aware of and has analyzed the six recently announced OpenSSL vulnerabilities reported as CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, and CVE-2016-2176. In cases where there is susceptibility, the appropriate remediation is noted. For more details on these security vulnerabilities, see https://www.openssl.org/news/vulnerabilities.html#y2016.
Product Vulnerability Exposure
The following is a list of Wind River products and their vulnerability to these OpenSSL security vulnerabilities. For products that are affected, a link to the appropriate online support page is provided. (Links to workarounds and patches require a Wind River Support Network account.)
Product |
Vulnerable |
Versions |
Remediation |
Wind River Linux |
Yes |
8.x |
|
Wind River Linux |
Yes |
7.x |
|
Wind River Linux |
Yes |
6.x |
|
Wind River Linux |
Yes |
5.0.1.x |
|
Wind River Linux |
Yes |
4.3.0.x |
|
Wind River Intelligent Device Platform |
Yes |
1.0, 2.0.x |
|
Wind River Intelligent Device Platform XT |
Yes |
3.0.x |
Note: *You need an account to access the patches.