[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reg: Vulnerability CVE-2014-0160

On Saturday 12 April 2014 22:53:07 Aris Adamantiadis wrote:
> Le 11/04/14 14:31, Andreas Schneider a écrit :
> > Hi,
> > 
> >> This is regarding the vulnerability CVE-2014-0160 (OpenSSL Heartbleed),
> >> we understand that we use openSSL in our implementation.
> >> 
> >> We link -lssl and use libcrypto.so in our compilation and linking,
> >> Does this vulnerability has any impact in libssh, Share your thoughts
> >> regarding this.
> Hi Andreas,
> Quick though here, maybe we should try to avoid linking with -lssl
> because I don't think we use any API from libssl but only libcrypto.

We do not link with -lssl.

magrathea:~ # ldd /usr/lib64/libssh.so.4.4.1 
        linux-vdso.so.1 (0x00007fffadbfe000)
        librt.so.1 => /lib64/librt.so.1 (0x00007f2657690000)
        libcrypto.so.1.0.0 => /lib64/libcrypto.so.1.0.0 (0x00007f26572a4000)
        libz.so.1 => /lib64/libz.so.1 (0x00007f265708e000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f2656cdf000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f2657b13000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2656ac0000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f26568bc000)


	-- andreas

Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                asn@xxxxxxxxxxxxxx

Re: Reg: Vulnerability CVE-2014-0160Alan Dunn <amdunn@xxxxxxxxx>
Reg: Vulnerability CVE-2014-0160Aartih <aarthit2014@xxxxxxxxx>
Re: Reg: Vulnerability CVE-2014-0160Andreas Schneider <asn@xxxxxxxxxxxxxx>
Re: Reg: Vulnerability CVE-2014-0160Aris Adamantiadis <aris@xxxxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org