does the openSSL security vulnerability (CVE-2014-0224) affect openssh?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Jun 7 01:11:59 EST 2014


On 06/06/2014 03:59 AM, Truong, Van Cu wrote:

> can you please check whether the vulnerability of openSSL (CVE-2014-0224):
> http://www.openssl.org/news/secadv_20140605.txt
> affects openssh?

CVE-2014-0224 is a flaw in the handling of certain Transport Layer
Security (TLS) or Secure Sockets Layer (SSL) messages.

The Secure Shell (SSH) is a different protocol from SSL or TLS.  OpenSSH
relies on the OpenSSL library for access to the cryptographic primitives
it provides, not for the TLS or SSL implementations.

So OpenSSH is not vulnerable to CVE-2014-0224.

hth,

	--dkg
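
Added example, not part of the original message and not OpenSSH or OpenSSL project code: a shell check that reads a binary's ELF `DT_NEEDED` entries (`readelf -d` output) and reports whether it links OpenSSL's TLS stack (`libssl`) or only the cryptographic primitives (`libcrypto`), which is the distinction the reply above relies on. The function names and the sample `readelf` excerpts are constructed for illustration.

```shell
#!/usr/bin/env bash
# libssl    -> TLS/SSL protocol code (the kind of code CVE-2014-0224 is in)
# libcrypto -> cryptographic primitives only
# Caveat: statically linked or dlopen()ed libraries do not show up as NEEDED.

# Reads `readelf -d` text on stdin and prints one verdict.
classify_needed() {
    local has_ssl=0 has_crypto=0 line lib
    while IFS= read -r line; do
        case "$line" in
            *"(NEEDED)"*) ;;          # only dynamic-dependency entries
            *) continue ;;
        esac
        lib=${line##*\[}              # text after the last '['
        lib=${lib%%\]*}               # ...up to the closing ']'
        case "$lib" in
            libssl.so*)    has_ssl=1 ;;
            libcrypto.so*) has_crypto=1 ;;
        esac
    done
    if [ "$has_ssl" -eq 1 ]; then
        echo "tls-stack"
    elif [ "$has_crypto" -eq 1 ]; then
        echo "crypto-primitives-only"
    else
        echo "no-openssl"
    fi
}

# Hypothetical wrapper: needs readelf (binutils) and a readable ELF file.
# Prints "unknown" instead of a misleading verdict when readelf fails.
check_binary() {
    local dyn
    dyn=$(readelf -d "$1" 2>/dev/null) || { echo "unknown"; return 1; }
    printf '%s\n' "$dyn" | classify_needed
}

# Constructed `readelf -d` excerpts (not captured from a real system).
SAMPLE_SSH_LIKE=' 0x0000000000000001 (NEEDED)  Shared library: [libcrypto.so.1.0.0]
 0x0000000000000001 (NEEDED)  Shared library: [libz.so.1]
 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]'
SAMPLE_TLS_LIKE=' 0x0000000000000001 (NEEDED)  Shared library: [libssl.so.1.0.0]
 0x0000000000000001 (NEEDED)  Shared library: [libcrypto.so.1.0.0]
 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]'

printf '%s\n' "$SAMPLE_SSH_LIKE" | classify_needed
printf '%s\n' "$SAMPLE_TLS_LIKE" | classify_needed
```

On a real host, `check_binary /path/to/binary` gives the same verdict for an installed program; a `tls-stack` result means the binary's exposure depends on the installed OpenSSL version and how the program uses TLS.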


More information about the openssh-unix-dev mailing list