[CentOS] CVE-2014-0160 CentOS 6 openssl heartbleed workaround
Lars Hecking
lhecking at users.sourceforge.net
Tue Apr 8 22:55:25 UTC 2014
Leon Fauster writes:
> On 08.04.2014 at 23:08, Keith Keller <kkeller at wombat.san-francisco.ca.us> wrote:
> > On 2014-04-08, Robert Arkiletian <robark at gmail.com> wrote:
> >>
> >> if you include libcrypto in the grep then sshd is affected.
> >
> > That's unfortunate. :( Is the bug in libssl, libcrypto, or both?
>
>
> looking inside - it seems that this issue (cve-2014-0160) is resolved
> in ssl/d1_both.c and ssl/t1_lib.c and not in files under crypto/ ...
> to say more i have to take a look into the build process.

The OpenBSD note for the patch reads
(http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/007_openssl.patch)

| Only SSL/TLS services are affected. Software that uses libcrypto alone
| is not affected. In particular, ssh/sshd are not affected and there
| is no need to regenerate SSH host keys that have not otherwise been
| exposed.

The patched code is the same everywhere, ssl subdirectory only. Code in
the crypto subdirectory is not affected or patched.
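
Added example, not part of the original message: a shell function that applies the libssl/libcrypto distinction above by reading /proc/<pid>/maps and reporting which running processes have libssl mapped (the SSL/TLS users the OpenBSD note calls affected) and which map libcrypto alone (such as sshd). The function name, the output format and the overridable proc root are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify processes by the OpenSSL libraries they have mapped.
# Output, one line per process:  <pid> <name> libssl | libcrypto-only
#   libssl         -> uses the SSL/TLS code that CVE-2014-0160 lives in;
#                     exposed if the mapped libssl is a vulnerable build
#   libcrypto-only -> not affected, per the OpenBSD patch note quoted above
# Processes mapping neither library are not listed.
# Usage (as root, so every process's maps file is readable):
#   classify_openssl_users

classify_openssl_users() {
    proc_root=${1:-/proc}            # assumption: overridable for testing
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue   # process exited or permission denied
        pid_dir=${maps%/maps}
        pid=${pid_dir##*/}
        # comm holds the short process name; fall back to "?" if unavailable
        name=$(cat "$pid_dir/comm" 2>/dev/null) || name='?'
        [ -n "$name" ] || name='?'
        # Match the library basename at the end of the pathname column.
        # [^/]* also covers a version suffix and a trailing " (deleted)".
        if grep -Eq '/libssl\.so[^/]*$' "$maps" 2>/dev/null; then
            echo "$pid $name libssl"
        elif grep -Eq '/libcrypto\.so[^/]*$' "$maps" 2>/dev/null; then
            echo "$pid $name libcrypto-only"
        fi
    done
}
```
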