Date: Wed, 31 Jul 2002 11:27:32 -0000 From: <net@wsf.at> To: "Simon Dick" <simond@irrelevant.org>, "Adrian Penisoara" <ady@freebsd.ady.ro> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: Are OpenSSL bugs related to OpenSSH ? Message-ID: <200207311127.g6VBRWY98818@www.wsf.at> In-Reply-To: <1028113366.1406.0.camel@linux>
next in thread | previous in thread | raw e-mail | index | archive | help
Simon Dick <simond@irrelevant.org> schrieb: > On Wed, 2002-07-31 at 10:24, Adrian Penisoara wrote: > > Hi, > > > > Though I think that the recent OpenSSL buffer overflows don't imply > > that OpenSSH is vulnerable, could someone please confirm this ? > > OpenSSH is linked against OpenSSL, so it's a possibility that it could > be vulnerable, but unless you have ssh statically linked then updating > your openssl version will fix any problems. > Hi Simon, I think this is only true if your version of ssh/sshd was already built with a recent version of OpenSSL (libcrypto.so.3). If your ssh uses libcrypto.so.2, updating OpenSSL to 0.9.6e would still leave your ssh vulnerable (same applies to any other build using OpenSSL) Thomas BTW: which version of OpenSSL bumped so.2 -> so.3 ? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207311127.g6VBRWY98818>