[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reg: Vulnerability CVE-2014-0160

On Friday 11 April 2014 10:48:38 Aartih wrote:
> Hi,

> This is regarding the vulnerability CVE-2014-0160 (OpenSSL Heartbleed),
> we understand that we use openSSL in our implementation.
> We link -lssl and use libcrypto.so in our compilation and linking,
> Does this vulnerability has any impact in libssh, Share your thoughts
> regarding this.

the OpenSSL vulnerability has been found an extension for TLS/SSL called 
Heartbeat (RFC 6250). SSH is a protocol like TLS/SSL. So we have nothing todo 
with TLS/SSL nor the bug. We only link against libcrypto which implements the 
cryptographic algorithms.




	-- andreas

Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                asn@xxxxxxxxxxxxxx

Re: Reg: Vulnerability CVE-2014-0160Aris Adamantiadis <aris@xxxxxxxxxxxx>
Reg: Vulnerability CVE-2014-0160Aartih <aarthit2014@xxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org