[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-dev
Subject:    Re: OpenSSL patches for other versions
From:       Richard Levitte - VMS Whacker <levitte () stacken ! kth ! se>
Date:       2002-07-31 12:03:04
[Download RAW message or body]

In message <00ef01c2388a$0ecaa8c0$390110ac@kovaiteam> on Wed, 31 Jul 2002 17:29:32 +0530, "kumar" <kumaresh_ind@gmx.net> said:

kumaresh_ind> Hello all,
kumaresh_ind> I am using OpenSSH with OpenSSL(0.9.6d)
kumaresh_ind> What is the impact of this OpenSSL vulnerability in openssh?
kumaresh_ind> Anyone have answers.Please share.

As long as OpenSSH doesn't touch anything related to SSL or ASN.1, you
should be safe.  OpenSSH doesn't talk SSL, and as far as I know, it
doesn't handle certificates yet (that's where ASN.1 would come in).
If OpenSH handles certificates, it should be possible to disable that
until you have made appropriate upgrades.

My 2 cents...

-- 
Richard Levitte   \ Spannvägen 38, II \ LeViMS@stacken.kth.se
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- poei@bofh.se
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]