[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Reg: Vulnerability CVE-2014-0160
[Thread Prev] | [Thread Next]
- Subject: Re: Reg: Vulnerability CVE-2014-0160
- From: Andreas Schneider <asn@xxxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Mon, 14 Apr 2014 09:55:54 +0200
- To: libssh@xxxxxxxxxx
- Cc: Aris Adamantiadis <aris@xxxxxxxxxxxx>
On Saturday 12 April 2014 22:53:07 Aris Adamantiadis wrote:
> Le 11/04/14 14:31, Andreas Schneider a écrit :
> > Hi,
> >
> >> This is regarding the vulnerability CVE-2014-0160 (OpenSSL Heartbleed),
> >> we understand that we use openSSL in our implementation.
> >>
> >> We link -lssl and use libcrypto.so in our compilation and linking,
> >> Does this vulnerability has any impact in libssh, Share your thoughts
> >> regarding this.
>
> Hi Andreas,
>
> Quick though here, maybe we should try to avoid linking with -lssl
> because I don't think we use any API from libssl but only libcrypto.
We do not link with -lssl.
magrathea:~ # ldd /usr/lib64/libssh.so.4.4.1
linux-vdso.so.1 (0x00007fffadbfe000)
librt.so.1 => /lib64/librt.so.1 (0x00007f2657690000)
libcrypto.so.1.0.0 => /lib64/libcrypto.so.1.0.0 (0x00007f26572a4000)
libz.so.1 => /lib64/libz.so.1 (0x00007f265708e000)
libc.so.6 => /lib64/libc.so.6 (0x00007f2656cdf000)
/lib64/ld-linux-x86-64.so.2 (0x00007f2657b13000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2656ac0000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f26568bc000)
Cheers,
-- andreas
--
Andreas Schneider GPG-ID: CC014E3D
www.cryptomilk.org asn@xxxxxxxxxxxxxx
| Re: Reg: Vulnerability CVE-2014-0160 | Alan Dunn <amdunn@xxxxxxxxx> |
| Reg: Vulnerability CVE-2014-0160 | Aartih <aarthit2014@xxxxxxxxx> |
| Re: Reg: Vulnerability CVE-2014-0160 | Andreas Schneider <asn@xxxxxxxxxxxxxx> |
| Re: Reg: Vulnerability CVE-2014-0160 | Aris Adamantiadis <aris@xxxxxxxxxxxx> |