10/04/2014 12:58 - Cyrus Lopez wrote: > > > >> > >> SSH is not affected. > >> > > > > SSH is indeed not affected, but I guess you should still consider the > > secret sshd key on your otherwise affected server as burnt, as it might > > have been in the memory too while an attacker was inspecting it via > > heartbleed. Better recreate the secret ssh key and all other secret keys on > > your server as well. But, again, the OpenSSH protocol/software per se are > > not affected. > > > This is incorrect. The heartbleed exploit would have only returned portions of > memory that were under the control of OpenSSL, not general memory used by > other > processes on the system. > > > >
Thanks for the update. I wasn't aware of that. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
