31232

OpenSSL Security Alert Mail from Google Play for android apps [duplicate]

Question:

This question already has an answer here:

<ul><li> <a href="/questions/24197777/google-play-and-openssl-warning-message" dir="ltr" rel="nofollow">Google Play and OpenSSL warning message</a> <span class="question-originals-answer-count"> 5 answers </span> </li> </ul>

I am developing android apps in AndEngine and Cocos2dx.<br /> I have received a mail today from Google Play, that says: "One or more of your apps is running an outdated version of OpenSSL, which has multiple security vulnerabilities. You should update OpenSSL as soon as possible. ..."<br /> I download an app called bluebox testing(HeartBleed Scanner).<br /> What i found was, apps build using cocos2dx were the apps with openSSL while apps build using AndEngine were not in the list generated by heartbleed scanner.<br /> Is there anyone who knows the issue exactly and how to solve it?

Answer1:

Right now i have found one solution. The apps build in cocos2dx have this line in Android.mk<br /> $(call import-module,extensions)<br /> I just removed that line and removed the errors.<br /> Clean build my app and run it again.<br /> It was surprisingly removed from open SSL list generated by HeartBleed Scanner. I hope it works for the guys using cocos2dx.

Answer2:

open ssl 1.0.1g has a vulnerability that is fixed in 1.0.1h. Check out the latest post here:

<a href="http://www.openssl.org/news/vulnerabilities.html" rel="nofollow">http://www.openssl.org/news/vulnerabilities.html</a>

Recommend

  • Authentication Request to Spotify Web API Rejected
  • Excluding an action from authorization in ASP.NET MVC 2
  • Restful authentication for non browser consumers
  • git cloning behind proxy — different behavior, same command
  • How can we compress images in DAM AEM6.3?
  • asp.net mvc encode on form post
  • Installing apk from within application in android
  • Unique SMS sender id?
  • 3.0.0.M1: SSL - Invalid keystore format
  • Convert RSA pem key String to der byte[]
  • Local Development, Apache vs Developer - file permissions
  • Embedded Glassfish JPA Datasource connection fail
  • HttpListener.IsSupported is false on XP SP3
  • Enabling DTD support in Sql Server
  • GAE: Way to get reference to an HttpSession from its ID?
  • saving file generated by TCPDF
  • Does Mobilefirst provide a provision to access web services directly?
  • Content-Length header not returned from Pylons response
  • Python urlparse: small issue
  • Repeat a vertical line on every page in Report Builder / SSRS
  • Android screen density dpi vs ppi
  • req.body is undefined - nodejs
  • Bug in WPF DataGrid
  • Deserializing XML into class C#
  • Can I make an Android app that runs a web view in Chrome 39?
  • Symfony2: How to get request parameter
  • Why winpcap requires both .lib and .dll to run?
  • Akka Routing: Reply's send to router ends up as dead letters
  • Is there a mandatory requirement to switch app.yaml?
  • retrieve vertices with no linked edge in arangodb
  • using conditional logic : check if record exists; if it does, update it, if not, create it
  • How to include full .NET prerequisite for Wix Burn installer
  • How to set the response of a form post action to a iframe source?
  • Understanding cpu registers
  • Are Kotlin's Float, Int etc optimised to built-in types in the JVM? [duplicate]
  • Add sale price programmatically to product variations
  • unknown Exception android
  • costura.fody for a dll that references another dll
  • java string with new operator and a literal
  • jQuery Masonry / Isotope and fluid images: Momentary overlap on window resize