Re: [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Thu, Apr 10, 2014 at 03:10:31PM +0200, David Hrbá?? wrote:
> are going to regenerate the user passwords and ssh keys. What more we

SSH keys were not compromised by heartbleed (unless you had a management
tool that was vulnerable or an alternative ssh daemon that used libssl).
Nothing in the standard SSH was vulnerable so if your only encrypted
traffic was via OpenSSH then you have no problems.

Web servers, POP3, IMAP etc that were vulnerable may have potentially leaked
user passwords, but they can't leak SSH keys.

> are also going to regenerate server ssh keys, they could be compromised
> because of GSISSHD.

If the GSI patches used libssl then you might be vulnerable, but if they
only used libcrypt then you weren't exposed.

-- 

rgds
Stephen
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux