From owner-freebsd-security Wed Jul 31 4: 3:24 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C02E137B400 for ; Wed, 31 Jul 2002 04:03:22 -0700 (PDT) Received: from office.advantage-interactive.com (host217-37-74-237.in-addr.btopenworld.com [217.37.74.237]) by mx1.FreeBSD.org (Postfix) with ESMTP id D4F5E43E31 for ; Wed, 31 Jul 2002 04:03:16 -0700 (PDT) (envelope-from simond@irrelevant.org) Received: from devbox.advantage-interactive.com ([192.168.254.128]) by office.advantage-interactive.com with esmtp (Exim 3.36 #1) id 17ZrFe-00009X-00; Wed, 31 Jul 2002 12:02:46 +0100 Subject: Re: Are OpenSSL bugs related to OpenSSH ? From: Simon Dick To: Adrian Penisoara Cc: freebsd-security@freebsd.org In-Reply-To: References: Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.2 Date: 31 Jul 2002 12:02:45 +0100 Message-Id: <1028113366.1406.0.camel@linux> Mime-Version: 1.0 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 2002-07-31 at 10:24, Adrian Penisoara wrote: > Hi, > > Though I think that the recent OpenSSL buffer overflows don't imply > that OpenSSH is vulnerable, could someone please confirm this ? OpenSSH is linked against OpenSSL, so it's a possibility that it could be vulnerable, but unless you have ssh statically linked then updating your openssl version will fix any problems. -- Simon Dick simond@irrelevant.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message