-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 30 Jul 2002, Chris Adams wrote:
> > Eh .... OpenSSL and OpenSSH are totally different things. > > Yes, but OpenSSH uses the OpenSSL libraries for the encryption routines. I know. It seemed people were confusing OpenSSH and OpenSSL since the letters are so similar. > I'm not sure at this point if OpenSSH uses any of the vulnerable > routines from the OpenSSL libraries (I'm pretty sure that it doesn't use > some of them, but I don't know about the rest). Hard to say. I don't know much about the internals of OpenSSH and OpenSSL to know exactly what does what with what. > However, starting with the RaQ3, Cobalt included the OpenSSL libraries > as part of the RaQ and used OpenSSL to build Apache with SSL support. > There were also both Cobalt and third-party SSL servers available for > previous RaQs. All of those definately are vulnerable to the newly > found holes, as well as some previous ones (the Apache SSL module also > had some security holes found recently that have not been addressed on > Cobalt products). > > Sun/Cobalt needs to release an update for every RaQ server that supports > SSL with updated versions of the SSL module and the OpenSSL libraries. Are we taking bets on how long that will take? :-) - -- Matt Barton Webexcellence PH: 317.423.3548 x22 TF: 800.808.6332 x22 FX: 317.423.8735 [EMAIL PROTECTED] www.webexc.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE9Rttx67cWHlKNnWkRAqOSAJwNlw7YV9nxrDryKayJO4D0ThOqhACdEfZ/ GlD9ydnHOMQgIYQMDdIogns= =esJ1 -----END PGP SIGNATURE----- _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
