From: Nilesh Govindrajan <me@nileshgr.com>
To: Gentoo User Mailing List <gentoo-user@lists.gentoo.org>
Subject: Re: [gentoo-user] 'Heartbleed' bug
Date: Thu, 10 Apr 2014 16:21:44 +0530 [thread overview]
Message-ID: <CAHgBc-uX-Bxm9Gez5ZH-dPinFqnj6wzX10EA4LCUR+wjhwwBUQ@mail.gmail.com> (raw)
In-Reply-To: <20140410105216.GA27859@localhost>
On Thu, Apr 10, 2014 at 4:22 PM, Matthew Finkel
<matthew.finkel@gmail.com> wrote:
> On Thu, Apr 10, 2014 at 05:53:44PM +0800, J?n Zahornadsk? wrote:
>> On 04/10/2014 05:03 PM, Adam Carter wrote:
>> >
>> > What surprises me here is OpenSSH. It's not supposed to use OpenSSL
>> > but Debian update process suggests to restart it after updating
>> > OpenSSL to a fixed version. Is it an overkill on their part? It
>> > might confuse admins.
>> >
>> >
>> > adam@proxy ~ $ ldd /usr/sbin/sshd
>> > linux-vdso.so.1 (0x00007fffb068e000)
>> > libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f68db1e6000)
>> > libpam.so.0 => /lib64/libpam.so.0 (0x00007f68dafd8000)
>> > libcrypto.so.1.0.0 => /usr/lib64/libcrypto.so.1.0.0 (0x00007f68dabf5000)
>> > libutil.so.1 => /lib64/libutil.so.1 (0x00007f68da9f2000)
>> > libz.so.1 => /lib64/libz.so.1 (0x00007f68da7db000)
>> > libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f68da5a4000)
>> > libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f68da387000)
>> > libc.so.6 => /lib64/libc.so.6 (0x00007f68d9fd7000)
>> > libgcc_s.so.1 =>
>> > /usr/lib/gcc/x86_64-pc-linux-gnu/4.8.2/libgcc_s.so.1 (0x00007f68d9dc0000)
>> > libdl.so.2 => /lib64/libdl.so.2 (0x00007f68d9bbc000)
>> > /lib64/ld-linux-x86-64.so.2 (0x00007f68db3f1000)
>> > adam@proxy ~ $ qfile /usr/lib64/libcrypto.so.1.0.0
>> > dev-libs/openssl (/usr/lib64/libcrypto.so.1.0.0)
>> > adam@proxy ~ $
>> >
>> > So OpenSSH clearly IS using OpenSSL, and you need to restart sshd after
>> > upgrading OpenSSL.
>>
>> As far as I know, it doesn't use it for the communication itself, just
>> some key generations, so it shouldn't be affected by this bug. But I
>> guess better safe than sorry...
>>
>
> Right. heartbleed does not directly affect openssh, but openssh uses
> openssl and it's good practice to keep the shared libraries on-disk and
> the shared libraries in-memory in sync.
>
How is OpenSSH not affected?
next prev parent reply other threads:[~2014-04-10 10:52 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-10 0:06 [gentoo-user] 'Heartbleed' bug Joseph
2014-04-10 0:13 ` Ralf
2014-04-10 0:32 ` Michael Orlitzky
2014-04-10 5:48 ` Pavel Volkov
2014-04-10 9:03 ` Adam Carter
2014-04-10 9:53 ` Ján Zahornadský
2014-04-10 10:52 ` Matthew Finkel
2014-04-10 10:51 ` Nilesh Govindrajan [this message]
2014-04-10 11:00 ` Randolph Maaßen
2014-04-10 11:06 ` Ján Zahornadský
2014-04-10 11:06 ` Neil Bothwick
2014-04-10 10:42 ` Marc Joliet
2014-04-10 22:55 ` [gentoo-user] " walt
2014-04-10 22:59 ` Alan McKinnon
2014-04-10 23:38 ` Chris Walters
2014-04-10 23:37 ` Matthew Finkel
2014-04-10 23:42 ` Ralf
2014-04-11 8:05 ` Philip Webb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHgBc-uX-Bxm9Gez5ZH-dPinFqnj6wzX10EA4LCUR+wjhwwBUQ@mail.gmail.com \
--to=me@nileshgr.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox