Vulnerability Development mailing list archives
RES: OpenSSL Vulnerability and OpenSSH
From: Renato Araújo Ferreira <rferreira () metrored com br>
Date: Mon, 23 Sep 2002 11:31:44 -0300
as the advisory said: "...upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL to provide SSL or TLS...", i did it (apache, ssh)... just in case... -----Mensagem original----- De: Markus Friedl [mailto:markus () openbsd org] Enviada em: segunda-feira, 23 de setembro de 2002 11:15 Para: nestler () speakeasy net Cc: vuln-dev () securityfocus com Assunto: Re: OpenSSL Vulnerability and OpenSSH On Mon, Sep 23, 2002 at 10:24:53AM +0200, Markus Friedl wrote:
On Sat, Sep 21, 2002 at 09:43:48AM -0700, nestler () speakeasy net wrote:On Fri, Sep 20, 2002 at 09:05:59AM -0400, Eric Maiwald wrote:Does anyone know if the same issues affecting OpenSSL on Apache will affect
OpenSSL
when used with OpenSSH?yes. the "issues affecting OpenSSL on Apache" do not affect OpenSSH. OpenSSH does not use libssl (only libcrypto).You seem to imply that all of OpenSSL's problems are in libssl, which is not the case.no. it does not. i just refer to "issues affecting OpenSSL on Apache".
oops, i forgot to add: you should still update the OpenSSL libcrypto library, since it's not know how the ASN.1 bugs affect software using libcrypto (and OpenSSH uses libcrypto).
Current thread:
- RES: OpenSSL Vulnerability and OpenSSH Renato Araújo Ferreira (Sep 23)
- Re: RES: OpenSSL Vulnerability and OpenSSH Ron DuFresne (Sep 23)