Security
From Yocto Project
Jump to navigationJump to search
Since the Yocto Project is intended to be flexible and meet the needs of many applications, we leave policy-making decisions around security to our end users. Our goal instead is to ship each release with metadata that follows best practices in that we do not release recipe versions which are known to have significant security vulnerabilities. Generally this is done by upgrading recipes to newer versions that are no longer vulnerable to these issues.
We are tracking security vulnerabilities in the Yocto Project against the National Vulnerability Database.
Security Issues Addressed in Yocto 1.0.1 / Poky 5.0.1
The following security advisories are addressed in the Yocto Project 1.0.1 / Poky "Bernard" 5.0.1:
- avahi: CVE-2011-1002
- libexif: CVE-2007-6351, CVE-2007-6352, CVE-2009-3895
- libxml2: CVE-2010-4008
- openssl: CVE-2010-4180, CVE-2010-4252, CVE-2010-0014
- rsync: CVE-2011-1097
- rsync (GPLv2): CVE-2007-4091
- rxvt-unicode: CVE-2006-0126
- tar (GPLv2): CVE-2010-0624