[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Reg: Vulnerability CVE-2014-0160
[Thread Prev] | [Thread Next]
- Subject: Re: Reg: Vulnerability CVE-2014-0160
- From: Andreas Schneider <asn@xxxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Fri, 11 Apr 2014 14:31:54 +0200
- To: libssh@xxxxxxxxxx
On Friday 11 April 2014 10:48:38 Aartih wrote: > Hi, Hi, > This is regarding the vulnerability CVE-2014-0160 (OpenSSL Heartbleed), > we understand that we use openSSL in our implementation. > > We link -lssl and use libcrypto.so in our compilation and linking, > Does this vulnerability has any impact in libssh, Share your thoughts > regarding this. the OpenSSL vulnerability has been found an extension for TLS/SSL called Heartbeat (RFC 6250). SSH is a protocol like TLS/SSL. So we have nothing todo with TLS/SSL nor the bug. We only link against libcrypto which implements the cryptographic algorithms. See: https://www.openssl.org/docs/crypto/crypto.html Cheers, -- andreas -- Andreas Schneider GPG-ID: CC014E3D www.cryptomilk.org asn@xxxxxxxxxxxxxx
| Re: Reg: Vulnerability CVE-2014-0160 | Aris Adamantiadis <aris@xxxxxxxxxxxx> |
| Reg: Vulnerability CVE-2014-0160 | Aartih <aarthit2014@xxxxxxxxx> |