On 06/06/2014 03:59 AM, Truong, Van Cu wrote: > can you please check, whether the vulnerability of openSSL (CVE-2014-0224): > http://www.openssl.org/news/secadv_20140605.txt > openssh affects? CVE-2014-0224 is a flaw in the handling of certain Transport Layer Security (TLS) or Secure Sockets Layer (SSL) messages. the Secure Shell (SSH) is a different protocol from SSL or TLS. OpenSSH relies on the OpenSSL library for access to the cryptographic primitives it provides, not for the TLS or SSL implementations. So OpenSSH is not vulnerable to CVE-2014-0224. hth, --dkg
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev