This knowledge base has moved to the documentation site. Please visit the knowledge base here for the most up to date content. This site is no longer maintained.

Cumulus Linux Is not Susceptible to the OpenSSL Vulnerability CVE-2015-1793

Follow

Issue

Is Cumulus Linux susceptible to the OpenSSL vulnerability where attackers can impersonate cryptographically protected websites, e-mail servers, and virtual private networks?

Environment

  • Cumulus Linux 1.5.0 and later

Resolution

No, Cumulus Linux (any version up to the currently released 2.5.3) is not susceptible to this vulnerability because it was introduced into versions of OpenSSL after the one that is included in Debian Wheezy, upon which Cumulus Linux is based.

Cumulus Linux uses OpenSSL version 1.0.1e, and the affected versions are 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o, which are used in the Debian Unstable and Testing branches.

OpenSSL announced a fix, which is being tracked in CVE-2015-1793.

To verify the version used in Cumulus Linux, run openssl version:

cumulus@switch$ openssl version
OpenSSL 1.0.1e 11 Feb 2013

 

Comments

This support portal has moved

Cumulus Networks is now part of the NVIDIA Networking Business Unit! The NVIDIA Cumulus Global Support Services (GSS) team has merged its operations with the NVIDIA Mellanox support services team.

You can access NVIDIA Cumulus support content from the Mellanox support portal.

You open and update new cases on the Mellanox support portal. Any previous cases that have been closed have been migrated to the Mellanox support portal.

Cases that are still open on the Cumulus portal will continue to be managed on the Cumulus portal. Once these cases close, they will be moved to the Mellanox support portal.

Powered by Zendesk