confusion over RSAref vul w/OpenSS[HL]
Chris Saia
csaia at wtower.com
Sun Dec 5 08:16:24 EST 1999
Howdy,
The string of notices on BugTraq about RSAref being vulnerable to
overflows has me concerned. After trying to sort through all the
messages, I can't figure out whether I need to update OpenSSL (a
check of their website indicates no new patches), OpenSSH, both, or
neither. I am aware there is no known exploit for it yet.
I could be a bad boy and just run all the code without RSAref, given
that my software builds will probably outlast the (ridiculous)
software patent, which expires in 10 months. However, I figure I
best pursue a legitimate [legal] solution first.
What's the deal?
Best,
"Burned in Boston"
--
===============================================================================
csaia at wtower.com, WTnet IRC Administrator - http://www.wtower.com/~csaia/
GNU Privacy Guard Public Key information is available at the above URL.
===============================================================================
More information about the openssh-unix-dev
mailing list