Re: OpenSSL Vulnerability and OpenSSH
From: Markus Friedl (markus@openbsd.org)Date: 09/23/02
- Previous message: h1kari: "ToorCon 2002 This Weekend"
- In reply to: Markus Friedl: "Re: OpenSSL Vulnerability and OpenSSH"
- Next in thread: Markus Friedl: "Re: OpenSSL Vulnerability and OpenSSH"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 23 Sep 2002 16:14:31 +0200 From: Markus Friedl <markus@openbsd.org> To: nestler@speakeasy.net
On Mon, Sep 23, 2002 at 10:24:53AM +0200, Markus Friedl wrote:
> On Sat, Sep 21, 2002 at 09:43:48AM -0700, nestler@speakeasy.net wrote:
> > > On Fri, Sep 20, 2002 at 09:05:59AM -0400, Eric Maiwald wrote:
> > > > Does anyone
> > > > know if the same issues affecting OpenSSL on Apache will affect OpenSSL
> > > > when used with OpenSSH?
> > >
> > > yes.
> > >
> > > the "issues affecting OpenSSL on Apache" do not affect OpenSSH.
> > >
> > > OpenSSH does not use libssl (only libcrypto).
> >
> > You seem to imply that all of OpenSSL's problems are in libssl,
> > which is not the case.
>
> no. it does not. i just refer to "issues affecting OpenSSL on Apache".
oops, i forgot to add: you should still update the OpenSSL libcrypto
library, since it's not know how the ASN.1 bugs affect software using
libcrypto (and OpenSSH uses libcrypto).
- Previous message: h1kari: "ToorCon 2002 This Weekend"
- In reply to: Markus Friedl: "Re: OpenSSL Vulnerability and OpenSSH"
- Next in thread: Markus Friedl: "Re: OpenSSL Vulnerability and OpenSSH"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
