This update can be applied via the package manager in your distribution or by downloading the tar file from https://github.com/contiki/contiki-ng/releases/. For users running a system which uses 6LoWPAN, we recommend updating your Contiki-NG system to version 4.8 or above. This update has been tested on Debian 9 Stretch, Ubuntu 18.04 and Fedora 28.

What is this update?

This update is a security update for the Contiki-NG system and includes the following changes:
- The Linux kernel has been updated to 4.4.139. This update also updates the Linux userspace drivers and modules which are used by Contiki-NG.
- The OpenSSL library has been updated with new upstream versions, including 1.1.0h, 1.0.2i, and 1.0.2j.
- An out-of-bounds memory read flaw was found in the way some OpenSSL packages compiled certain SSL/TLS protocols that could be exploited by attackers to crash an application using those protocols (CVE-2019-13094). This issue affects some servers running OpenSSL using a specific configuration parameter as well as some clients relying on OpenSSL's support for opportunistic TLS handshakes (CVE-2019-13095).
The following configuration options were fixed:
* Prevent libressl from performing unsafe opportunistic TLS handshakes by default (CVE-2019-13095)
* Fix compilation of OpenSSL with the --enable-tls12 option on 32-bit architectures (CVE-2019-13094)
These updates will be applied automatically when upgrading from 4.7 to 4.8 if you have not already done so or if you have enabled auto upgrade in your repository settings (repository settings will appear after logging in). If you need to manually apply this update, please follow these

New Features of 4.8

Changes made in this release are listed below:
* Added support for uIP, a new implementation of 6LoWPAN and IPv6 over Low Power Wireless Personal Area Networks (6LoWPAN) that is being standardized as a part of IETF Pending 802.15.4 standard.
* Contiki-NG now has support for the 802.15.4-based uIP stack which allows it to be used on newer hardware that supports this standard and to also run on legacy systems with an 802.15.4 radio.
* In order to ease migration from the old project to the new one, we have created a new branch of our git repository which will contain the old codebase, which will not be developed further, but may provide compatibility with older versions of Contiki-NG or other projects that depend on it.
* The default configuration file for Contiki-NG is now located at /etc/contiki-ng/configuration.yaml instead of /usr/local/etc/contiki-ng/configuration.yaml and it also includes instructions on how to modify its layout without modifying the source code itself.
* There is a new API endpoint available at http://localhost:3000/_api/run_async_update_v3 which can be used by developers to run their apps asynchronously against updates in order to minimize impact and avoid blocking user's devices when updating software or firmware. This API endpoint replaces the one previously available at

What is 6LoWPAN?

The 6LoWPAN protocol is designed to be used in constrained networks such as those found in microgrids, where the network is composed of a group of interconnected devices that cannot physically connect to each other. It allows nearby devices to communicate without an IP connection or over the air by using a fixed addressing scheme and routing messages on top of UDP for security.
Contiki-NG 4.8 includes the latest bug fixes and enhancements found in 4.6, including a handful of minor improvements:
- Added support for Cisco IOS Wireless (IOS-XR)
- Added support for Dell EMC OpenManage Server Administrator 2.5
- Added support for HPE FlexFabric Aruba Instant Clients
- Moved all configuration files out of /etc/contiki and into /usr/share/contiki/conf/

Timeline

Published on: 09/01/2022 12:15:00 UTC
Last modified on: 09/07/2022 17:09:00 UTC
