On Thu, Apr 10, 2014 at 4:22 PM, Matthew Finkel
<matthew.fin...@gmail.com> wrote:
> On Thu, Apr 10, 2014 at 05:53:44PM +0800, J?n Zahornadsk? wrote:
>> On 04/10/2014 05:03 PM, Adam Carter wrote:
>> >
>> >     What surprises me here is OpenSSH. It's not supposed to use OpenSSL
>> >     but Debian update process suggests to restart it after updating
>> >     OpenSSL to a fixed version. Is it an overkill on their part? It
>> >     might confuse admins.
>> >
>> >
>> > adam@proxy ~ $ ldd /usr/sbin/sshd
>> >     linux-vdso.so.1 (0x00007fffb068e000)
>> >     libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f68db1e6000)
>> >     libpam.so.0 => /lib64/libpam.so.0 (0x00007f68dafd8000)
>> >     libcrypto.so.1.0.0 => /usr/lib64/libcrypto.so.1.0.0 
>> > (0x00007f68dabf5000)
>> >     libutil.so.1 => /lib64/libutil.so.1 (0x00007f68da9f2000)
>> >     libz.so.1 => /lib64/libz.so.1 (0x00007f68da7db000)
>> >     libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f68da5a4000)
>> >     libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f68da387000)
>> >     libc.so.6 => /lib64/libc.so.6 (0x00007f68d9fd7000)
>> >     libgcc_s.so.1 =>
>> > /usr/lib/gcc/x86_64-pc-linux-gnu/4.8.2/libgcc_s.so.1 (0x00007f68d9dc0000)
>> >     libdl.so.2 => /lib64/libdl.so.2 (0x00007f68d9bbc000)
>> >     /lib64/ld-linux-x86-64.so.2 (0x00007f68db3f1000)
>> > adam@proxy ~ $ qfile /usr/lib64/libcrypto.so.1.0.0
>> > dev-libs/openssl (/usr/lib64/libcrypto.so.1.0.0)
>> > adam@proxy ~ $
>> >
>> > So OpenSSH clearly IS using OpenSSL, and you need to restart sshd after
>> > upgrading OpenSSL.
>>
>> As far as I know, it doesn't use it for the communication itself, just
>> some key generations, so it shouldn't be affected by this bug. But I
>> guess better safe than sorry...
>>
>
> Right. heartbleed does not directly affect openssh, but openssh uses
> openssl and it's good practice to keep the shared libraries on-disk and
> the shared libraries in-memory in sync.
>


How is OpenSSH not affected?

Reply via email to