On Thu, 10 Apr 2014 10:52:21 +, Matthew Finkel wrote:
> Right. heartbleed does not directly affect openssh, but openssh uses
> openssl and it's good practice to keep the shared libraries on-disk and
> the shared libraries in-memory in sync.
The easiest way to do that is with app-admin/checkre
Exactly, OpenSSH depends on OpenSSL, but should never use the buggy code.
Some details in the answer here:
http://superuser.com/questions/739349/does-heartbleed-affect-ssh-keys
On 04/10/2014 07:00 PM, Randolph Maaßen wrote:
> The Heartbleed bug is in the Heartbeat function of TSL (a second keep
The Heartbleed bug is in the Heartbeat function of TSL (a second keep
alive). OpenSSL does not use TLS for transport security, it uses its
own Protokoll for security.
2014-04-10 12:51 GMT+02:00 Nilesh Govindrajan :
> On Thu, Apr 10, 2014 at 4:22 PM, Matthew Finkel
> wrote:
>> On Thu, Apr 10, 2014
On Thu, Apr 10, 2014 at 4:22 PM, Matthew Finkel
wrote:
> On Thu, Apr 10, 2014 at 05:53:44PM +0800, J?n Zahornadsk? wrote:
>> On 04/10/2014 05:03 PM, Adam Carter wrote:
>> >
>> > What surprises me here is OpenSSH. It's not supposed to use OpenSSL
>> > but Debian update process suggests to r
On Thu, Apr 10, 2014 at 05:53:44PM +0800, J?n Zahornadsk? wrote:
> On 04/10/2014 05:03 PM, Adam Carter wrote:
> >
> > What surprises me here is OpenSSH. It's not supposed to use OpenSSL
> > but Debian update process suggests to restart it after updating
> > OpenSSL to a fixed version.
Am Wed, 9 Apr 2014 18:06:35 -0600
schrieb Joseph :
> Is gentoo effected by this new 'Heartbleed' bug?
>
> "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
> cryptographic software library"
>
> http://heartbleed.com/
Just FYI: security issues such as this get announced
On 04/10/2014 05:03 PM, Adam Carter wrote:
>
> What surprises me here is OpenSSH. It's not supposed to use OpenSSL
> but Debian update process suggests to restart it after updating
> OpenSSL to a fixed version. Is it an overkill on their part? It
> might confuse admins.
>
>
> ada
> What surprises me here is OpenSSH. It's not supposed to use OpenSSL but
> Debian update process suggests to restart it after updating OpenSSL to a
> fixed version. Is it an overkill on their part? It might confuse admins.
>
>
> adam@proxy ~ $ ldd /usr/sbin/sshd
linux-vdso.so.1 (0x7fffb068
On Thursday, 10 April 2014 04:32:34 MSK, Michael Orlitzky wrote:
Yes, upgrade your OpenSSL to the latest stable version, and if 1.0.1g
isn't stable on your arch (it should be unless it's a weird one), unset
USE=tls-heartbeat like Ralf said.
But that's not your big problem. If you operate any ser
On 04/09/2014 08:06 PM, Joseph wrote:
> Is gentoo effected by this new 'Heartbleed' bug?
>
> "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
> cryptographic software library"
>
> http://heartbleed.com/
>
Yes, upgrade your OpenSSL to the latest stable version, and if 1.
Hello Joseph,
On 04/10/2014 02:06 AM, Joseph wrote:
> Is gentoo effected by this new 'Heartbleed' bug?
yes it is, as all OpenSSL versions > 0.9.8 were affected.
And Gentoo supported those versions.
So Gentoo also was affected but it supports the new
"heartbleed-bug-fixed" version 1.0.1g.
I *thin
Is gentoo effected by this new 'Heartbleed' bug?
"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic
software library"
http://heartbleed.com/
--
Joseph
12 matches
Mail list logo
