Re: OpenSSH affected by recent OpenSSL security problems?

From: Nico Kadel-Garcia (nkadel@verizon.net)
Date: 03/23/03

• Next message: Greg McLearn: "ssh with interactive and non-interactive processes"
• Previous message: Neil W Rickert: "Re: OpenSSH affected by recent OpenSSL security problems?"
• In reply to: Dimitri Maziuk: "Re: OpenSSH affected by recent OpenSSL security problems?"
• Next in thread: Dimitri Maziuk: "Re: OpenSSH affected by recent OpenSSL security problems?"
• Reply: Dimitri Maziuk: "Re: OpenSSH affected by recent OpenSSL security problems?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Nico Kadel-Garcia <nkadel@verizon.net>
Date: Sun, 23 Mar 2003 22:25:31 GMT

Dimitri Maziuk wrote:
> Neil W Rickert sez:
>
>>iglesias@draco.acs.uci.edu (Mike Iglesias) writes:
>>
>>
>>>There have been a couple of security problems with OpenSSL recently (timing
>>>based attack and the Klima-Pokorny-Rosa attack, see http://www.openssl.org/
>>>for more information). I was wondering if these issues affect OpenSSH, and
>>>how serious is this for OpenSSH. Basically I want to know how soon I need
>>>to rebuild OpenSSH with a new OpenSSL library for all the architectures we
>>>build it for.
>>
>
> ....
>
>
>>If you are using dynamic openssl libraries, then you should only
>>need to rebuild those without recompiling openssh.
>
>
> That's what I thought. And then I found out that libcryto's soname
> is 0.9.7 (old one had 0.9.6). So you can't upgrade from 0.9.6x to
> 0.9.7y without rebuilding openssh and everything else linked with
> openssl's so's.
>
> Dima

Yes, you can. You have to build a spare set of compatibility libraries
for old software you're not ready to replace: take a look at the RedHat
RPM's for how such things can be done.

• Next message: Greg McLearn: "ssh with interactive and non-interactive processes"
• Previous message: Neil W Rickert: "Re: OpenSSH affected by recent OpenSSL security problems?"
• In reply to: Dimitri Maziuk: "Re: OpenSSH affected by recent OpenSSL security problems?"
• Next in thread: Dimitri Maziuk: "Re: OpenSSH affected by recent OpenSSL security problems?"
• Reply: Dimitri Maziuk: "Re: OpenSSH affected by recent OpenSSL security problems?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: [opensuse] Re: suse 11.x sources ... done in the linux open-source world all the time. ... the need to 'recompile' openssh? ... I believe his warning isn't so much just the need to rebuild openssh, it is that there are many OTHER packages that are built against the libraries in openssh, which all may need to be rebuilt against the newer version of openssh. ... (SuSE) Re: SSH TCP forwarding: works with v1, not with v2 ssh ... > I feel like a newbie, but I can't tell how to rebuild just the openssh ... > contributed src, ... Or just rebuild and install everything under /usr/secure. ... To Unsubscribe: send mail to majordomo@FreeBSD.org ... (freebsd-questions) Re: SSH TCP forwarding: works with v1, not with v2 ssh ... > I feel like a newbie, but I can't tell how to rebuild just the openssh ... > contributed src, ... Or just rebuild and install everything under /usr/secure. ... (FreeBSD-Security) Re: Does the new OpenSSL vulnerability affect OpenSSH? ... MI> affect OpenSSH? ... I'd like to know whether I need to rebuild ... MI> OpenSSH ASAP or not. ... SSL/TLS code, and the ASN.1 parser, neither of which are used by OpenSSH, ... (comp.security.ssh)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint