What surprises me here is OpenSSH. It's not supposed to use OpenSSL but
Debian update process suggests to restart it after updating OpenSSL to a
fixed version. Is it an overkill on their part? It might confuse admins.
adam@proxy ~ $ ldd /usr/sbin/sshd
linux-vdso.so.1 (0x7fffb068e000)
On 04/10/2014 05:03 PM, Adam Carter wrote:
What surprises me here is OpenSSH. It's not supposed to use OpenSSL
but Debian update process suggests to restart it after updating
OpenSSL to a fixed version. Is it an overkill on their part? It
might confuse admins.
adam@proxy
Am Wed, 9 Apr 2014 18:06:35 -0600
schrieb Joseph syscon...@gmail.com:
Is gentoo effected by this new 'Heartbleed' bug?
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
cryptographic software library
http://heartbleed.com/
Just FYI: security issues such as this
On Thu, Apr 10, 2014 at 05:53:44PM +0800, J?n Zahornadsk? wrote:
On 04/10/2014 05:03 PM, Adam Carter wrote:
What surprises me here is OpenSSH. It's not supposed to use OpenSSL
but Debian update process suggests to restart it after updating
OpenSSL to a fixed version. Is it an
On Thu, Apr 10, 2014 at 4:22 PM, Matthew Finkel
matthew.fin...@gmail.com wrote:
On Thu, Apr 10, 2014 at 05:53:44PM +0800, J?n Zahornadsk? wrote:
On 04/10/2014 05:03 PM, Adam Carter wrote:
What surprises me here is OpenSSH. It's not supposed to use OpenSSL
but Debian update process
The Heartbleed bug is in the Heartbeat function of TSL (a second keep
alive). OpenSSL does not use TLS for transport security, it uses its
own Protokoll for security.
2014-04-10 12:51 GMT+02:00 Nilesh Govindrajan m...@nileshgr.com:
On Thu, Apr 10, 2014 at 4:22 PM, Matthew Finkel
Exactly, OpenSSH depends on OpenSSL, but should never use the buggy code.
Some details in the answer here:
http://superuser.com/questions/739349/does-heartbleed-affect-ssh-keys
On 04/10/2014 07:00 PM, Randolph Maaßen wrote:
The Heartbleed bug is in the Heartbeat function of TSL (a second keep
On Thu, 10 Apr 2014 10:52:21 +, Matthew Finkel wrote:
Right. heartbleed does not directly affect openssh, but openssh uses
openssl and it's good practice to keep the shared libraries on-disk and
the shared libraries in-memory in sync.
The easiest way to do that is with
Hello Joseph,
On 04/10/2014 02:06 AM, Joseph wrote:
Is gentoo effected by this new 'Heartbleed' bug?
yes it is, as all OpenSSL versions 0.9.8 were affected.
And Gentoo supported those versions.
So Gentoo also was affected but it supports the new
heartbleed-bug-fixed version 1.0.1g.
I *think*
On 04/09/2014 08:06 PM, Joseph wrote:
Is gentoo effected by this new 'Heartbleed' bug?
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
cryptographic software library
http://heartbleed.com/
Yes, upgrade your OpenSSL to the latest stable version, and if 1.0.1g
On Thursday, 10 April 2014 04:32:34 MSK, Michael Orlitzky wrote:
Yes, upgrade your OpenSSL to the latest stable version, and if 1.0.1g
isn't stable on your arch (it should be unless it's a weird one), unset
USE=tls-heartbeat like Ralf said.
But that's not your big problem. If you operate any
11 matches
Mail list logo