Cumulus Linux Is not Susceptible to the OpenSSL Vulnerability CVE-2015-1793

Follow

Issue

Is Cumulus Linux susceptible to the OpenSSL vulnerability where attackers can impersonate cryptographically protected websites, e-mail servers, and virtual private networks?

Environment

  • Cumulus Linux 1.5.0 and later

Resolution

No, Cumulus Linux (any version up to the currently released 2.5.3) is not susceptible to this vulnerability because it was introduced into versions of OpenSSL after the one that is included in Debian Wheezy, upon which Cumulus Linux is based.

Cumulus Linux uses OpenSSL version 1.0.1e, and the affected versions are 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o, which are used in the Debian Unstable and Testing branches.

OpenSSL announced a fix, which is being tracked in CVE-2015-1793.

To verify the version used in Cumulus Linux, run openssl version:

cumulus@switch$ openssl version
OpenSSL 1.0.1e 11 Feb 2013

 

Have more questions? Submit a request

Comments

Powered by Zendesk