Recent OpenSSL vulnerability require rebuild of OpenSSH
Markus Friedl
markus at openbsd.org
Wed Oct 1 19:24:50 EST 2003
recent openssh versions avoid the ASN.1 code
from openssl. only reading of private
keys uses this code, so openssh is not affected.
On Tue, Sep 30, 2003 at 09:01:19PM -0500, Albert Chin wrote:
> We have OpenSSH built against a static version of the OpenSSL library.
> Do the recent OpenSSL vulnerabilities necessitate a rebuild of
> OpenSSH?
> http://www.openssl.org/news/secadv_20030930.txt
>
> >From the description of the four bugs, I'm inclined to think not.
>
> --
> albert chin (china at thewrittenword.com)
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
More information about the openssh-unix-dev
mailing list