Re: OpenSSH affected by recent OpenSSL security problems?

From: Neil W Rickert (rickert+nn@cs.niu.edu)
Date: 03/23/03 

From: Neil W Rickert <rickert+nn@cs.niu.edu>
Date: 23 Mar 2003 20:53:25 GMT

Dimitri Maziuk <dima@127.0.0.1> writes:
>Neil W Rickert sez:

>...

>> If you are using dynamic openssl libraries, then you should only
>> need to rebuild those without recompiling openssh.

>That's what I thought. And then I found out that libcryto's soname
>is 0.9.7 (old one had 0.9.6). So you can't upgrade from 0.9.6x to
>0.9.7y without rebuilding openssh and everything else linked with
>openssl's so's.

My comment was specifically about applying the patches posted at the
openssl site, and then recompiling. The version number does not
change with that.

When I went from 0.9.6g to 0.9.7, I did recompile everything that
uses openssl.

Relevant Pages

  • Re: sshd dies with compression
    ... We're using OpenSSH 3.6.1p1, mostly on AIX, ... > were cured by compiling and installing the current zlib ... I'm using zlib 1.1.4, statically linked to OpenSSH. ... > you're using that I suggest upgrading it and recompiling openssl, ...
    (comp.security.ssh)
  • OpenSSL 0.9.7c vulnerability (part II)
    ... I've tested installing OpenSSH without recompiling it and it works ... correctly, but the problem is, what libraries OpenSSH use: ... fact I don't know what libraries OpenSSH use... ... > thx in advance, ...
    (SunManagers)
  • Re: Multiple Vulnerabilities In OpenSSL
    ... >>> Am I correct in assuming that this affects the security of OpenSSH as ... and am thusly in the process of rebuilding openssh ... There are a number of other binaries on my system ...
    (comp.os.linux.security)
  • Re: Multiple Vulnerabilities In OpenSSL
    ... >> Am I correct in assuming that this affects the security of OpenSSH as ... > If openssl was used to compile ssh, ... and am thusly in the process of rebuilding openssh ...
    (comp.os.linux.security)