Re: [SECURITY] [DSA 1379-2] New openssl packages fix arbitrary code execution
## Wolfgang Jeltsch (7o2lccqg@acme.softbase.org):
> I was surprised that during updating OpenSSL, it was
> suggested to restart SSH since SSH was said to be dependent on OpenSSL. In
> what way does SSH depend on OpenSSL?
OpenSSH is linked against libcrypto (see ldd).
> Under which circumstances do the
> security holes of OpenSSL cause security issues with SSH?
As this is a bug in libssl, ssh is possibly not affected. I can't see
how ssh could ever get into SSL_get_shared_ciphers() either, but then
again I didn't track through all of ssh's source code.
Regards
Christoph
--
Spare Space
Reply to: