[OpenWrt-Devel] OpenSSL: update to 1.0.1g - heartbleed bug

John Crispin john at phrozen.org
Thu Apr 10 22:45:13 CEST 2014


Heartbleed - libopenssl AA binary feed update

we updated the AA release. the files libopenssl_1.0.1e-1_*.ipk have
been replaced with libopenssl_1.0.1g-1_*.ipk and the Packages index
was updated. If you use openssl on your unit you need to run :

# opkg update
# opkg upgrade libopenssl

In order to ensure that all affected services are using the updated
OpenSSL library it is recommended to reboot the device after applying
the upgrade.

To find out more about the bug go to - http://heartbleed.com/

Note that default OpenWrt installations are not vulnerable to the
particular bug, neither the builtin SSH server nor the optional LuCI
SSL support rely on OpenSSL for cryptography.

The OpenSSL library is not installed within the stock images available
on the download server.

This is not a lightweight bug. Please take it serious and check your unit.

    OpenWrt Developers


More information about the openwrt-devel mailing list