Recent OpenSSL vulnerability require rebuild of OpenSSH

Markus Friedl markus at openbsd.org
Wed Oct 1 19:24:50 EST 2003


recent openssh versions avoid the ASN.1 code
from openssl. only reading of private
keys uses this code, so openssh is not affected.

On Tue, Sep 30, 2003 at 09:01:19PM -0500, Albert Chin wrote:
> We have OpenSSH built against a static version of the OpenSSL library.
> Do the recent OpenSSL vulnerabilities necessitate a rebuild of
> OpenSSH?
>   http://www.openssl.org/news/secadv_20030930.txt
> 
> >From the description of the four bugs, I'm inclined to think not.
> 
> -- 
> albert chin (china at thewrittenword.com)
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev




More information about the openssh-unix-dev mailing list