Recent OpenSSL vulnerability require rebuild of OpenSSH

Markus Friedl markus at
Wed Oct 1 19:24:50 EST 2003

recent openssh versions avoid the ASN.1 code
from openssl. only reading of private
keys uses this code, so openssh is not affected.

On Tue, Sep 30, 2003 at 09:01:19PM -0500, Albert Chin wrote:
> We have OpenSSH built against a static version of the OpenSSL library.
> Do the recent OpenSSL vulnerabilities necessitate a rebuild of
> OpenSSH?
> >From the description of the four bugs, I'm inclined to think not.
> -- 
> albert chin (china at
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at

More information about the openssh-unix-dev mailing list