Security

From Yocto Project
Revision as of 18:06, 26 May 2011 by Sgarman

Since the Yocto Project is intended to be flexible and meet the needs of many applications, we leave policy-making decisions around security to our end users. Our goal instead is to ship each release with metadata that follows best practices: we do not release recipe versions that are known to have significant security vulnerabilities. Generally this is done by upgrading recipes to newer versions that are no longer vulnerable to these issues.

We are tracking security vulnerabilities in the Yocto Project against the National Vulnerability Database.

Security Issues Addressed in Yocto 1.0.1 / Poky 5.0.1

The following security advisories are addressed in the Yocto Project 1.0.1 / Poky "Bernard" 5.0.1:

  • avahi: CVE-2011-1002
  • libexif: CVE-2007-6351, CVE-2007-6352, CVE-2009-3895
  • libxml2: CVE-2010-4008
  • openssl: CVE-2010-4180, CVE-2010-4252, CVE-2010-0014
  • rsync: CVE-2011-1097
  • rsync (GPLv2): CVE-2007-4091
  • rxvt-unicode: CVE-2006-0126
  • tar (GPLv2): CVE-2010-0624