bugzilla-daemon at mindrot.org
2003-Oct-08 16:04 UTC
[Bug 737] CERT® Advisory CA-2003-26 - any effect on OpenSSH?
http://bugzilla.mindrot.org/show_bug.cgi?id=737 Summary: CERT? Advisory CA-2003-26 - any effect on OpenSSH? Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: moulton at snmp.com Please pardon me if submitting a bug report is not the correct procedure to address this. Is OpenSSH affected by the vulnerability in OpenSSL discussed in http://www.cert.org/advisories/CA-2003-26.html ? I don't find a reference to it on the OpenSSH web site. CERT's only discussion wrt OpenSSH is . http://www.kb.cert.org/vuls/id/AAMN-5RXR29 . an assertion by IBM that it does not affect OpenSSH as they distribute it. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Oct-08 21:35 UTC
[Bug 737] CERT® Advisory CA-2003-26 - any effect on OpenSSH?
http://bugzilla.mindrot.org/show_bug.cgi?id=737 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From djm at mindrot.org 2003-10-09 07:35 ------- Not significantly. For recent versions of OpenSSH, the OpenSSL ASN.1 code is used only for loading private keys. It is not used to verify signatures coming from the network. For future reference: A bug tracking system is intended for reporting bugs, please use the mailing list for questions like this. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Maybe Matching Threads
- NOTICE: [CERT Advisory CA-2003-21 GNU Project FTP Server Compromise]
- Is qpopper vulnerable?? Re: CERT Advisory CA-97.09 - Vulnerability in IMAP and POP
- [Fwd: CERT Advisory CA-2003-13 Multiple Vulnerabilities in Snort Preprocessors]
- CentOS Patch for http://www.kb.cert.org/vuls/id/800113
- CERT Advisory CA-98.13 - TCP/IP Denial of Service (fwd)