>>>>> "Schill" == Schill chill <[EMAIL PROTECTED]> writes:
Schill> hi all, I am resending this because i didn't receive the
Schill> mail i have sent earliar to this list.
Schill> Recently some vulnerabilities have been found in openssl
Schill> as given in the following link
Schill> http://www.openssl.org/news/secadv_20020730.txt
Schill> Since openssh uses openssl, will it have any impact on
Schill> the openssh security.
Good question. As far as I can make out OpenSSH on 32-bit platforms
shouldn't be affected. OpenSSH on 64-bit platforms could be
vulnerable to the integer string representation problem. OpenSSH
shouldn't be vulnerable to the ASN.1 DoS, unless it is compiled with
Kerberos support (on any platform).
Summary:
- If you have compiled OpenSSH with Kerberos support, upgrade OpenSSL
- If you are running OpenSSH on a 64-bit platform, upgrade OpenSSL
- If neither of the above two, you may be able to relax.
Summary of the summary:
- Upgrade and play it safe. That's what I did.
Disclaimer:
This is my understanding of the OpenSSL problems and the relationship
between OpenSSH and OpenSSL. I could be wildly wrong.
Regards,
-- Raju
--
Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/
It is the mind that moves
-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
