BBHN Not affected by Heartbleed

Written by Administrator

4/11/14

Security Review: OpenSSL Heartbleed vulnerability and BBHN

CVE-2014-0160

By default the distribution does not contain the openssl libraries in the distributed build OpenSSL is however available from the package repositories we publish.

Packages available in repository for installation on 4/11/14.

Linksys Build:

libopenssl 0.9.8e

NOT AFFECTED

Ubiquiti Build:

libopenssl 0.9.8r

NOT AFFECTED

At this time it appears we are not affected by the heartbleed vulnerability and do not require deployment of any remediation at this time.

End users may have however used outside sources to update their openssl library to a version other than our core distribution. Each end user would need to evaluate their own security if they are using non default repositories.

Submitted:

Conrad Lara

KG6JEI

References:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

http://broadband-hamnet.org/download/backfire/10.03.1/ar71xx/packages/Packages

http://broadband-hamnet.org/download/kamikaze/7.09/brcm-2.4/packages/Packages