Re: does the openSSL security vulnerability (CVE-2014-0224) affect openssh?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

On 06/06/2014 03:59 AM, Truong, Van Cu wrote:

> can you please check, whether the vulnerability of openSSL (CVE-2014-0224):
> http://www.openssl.org/news/secadv_20140605.txt
> openssh affects?

CVE-2014-0224 is a flaw in the handling of certain Transport Layer
Security (TLS) or Secure Sockets Layer (SSL) messages.

the Secure Shell (SSH) is a different protocol from SSL or TLS.  OpenSSH
relies on the OpenSSL library for access to the cryptographic primitives
it provides, not for the TLS or SSL implementations.

So OpenSSH is not vulnerable to CVE-2014-0224.

hth,

	--dkg

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux