Truong, Van Cu
2014-Jun-06 07:59 UTC
does the openSSL security vulnerability (CVE-2014-0224) affect openssh?
Dear openssh developers, can you please check, whether the vulnerability of openSSL (CVE-2014-0224): http://www.openssl.org/news/secadv_20140605.txt openssh affects? Many thanks Van Cu Truong Tel.: +49 (211) 399 33598 Mobile: +49 (163) 1651728 cu.truongl at atos.net<mailto:cu.truongl at atos.net> Otto-Hahn-Ring 6 81739 M?nchen, Deutschland de.atos.net [https://careers.atos.net/fe/images/client/Atos01/v1/css/logo.gif]
Daniel Kahn Gillmor
2014-Jun-06 15:11 UTC
does the openSSL security vulnerability (CVE-2014-0224) affect openssh?
On 06/06/2014 03:59 AM, Truong, Van Cu wrote:> can you please check, whether the vulnerability of openSSL (CVE-2014-0224): > http://www.openssl.org/news/secadv_20140605.txt > openssh affects?CVE-2014-0224 is a flaw in the handling of certain Transport Layer Security (TLS) or Secure Sockets Layer (SSL) messages. the Secure Shell (SSH) is a different protocol from SSL or TLS. OpenSSH relies on the OpenSSL library for access to the cryptographic primitives it provides, not for the TLS or SSL implementations. So OpenSSH is not vulnerable to CVE-2014-0224. hth, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 1010 bytes Desc: OpenPGP digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140606/72839eb1/attachment.bin>
Damien Miller
2014-Jun-07 23:16 UTC
does the openSSL security vulnerability (CVE-2014-0224) affect openssh?
On Fri, 6 Jun 2014, Truong, Van Cu wrote:> Dear openssh developers, > > can you please check, whether the vulnerability of openSSL (CVE-2014-0224): > http://www.openssl.org/news/secadv_20140605.txt > openssh affects?No, they are all SSL related. -d