Gentoo Archives: gentoo-user

From:	Adam Carter <adamcarter3@×××××.com>
To:	"gentoo-user@l.g.o" <gentoo-user@l.g.o>
Subject:	Re: [gentoo-user] 'Heartbleed' bug
Date:	Thu, 10 Apr 2014 09:03:42
Message-Id:	`CAC=wYCHXO=JWRcdj3B3CYWDZBrBYk03epzYqwzT-MKv4J4_0SQ@mail.gmail.com`
In Reply to:	Re: [gentoo-user] 'Heartbleed' bug by Pavel Volkov

1	> What surprises me here is OpenSSH. It's not supposed to use OpenSSL but
2	> Debian update process suggests to restart it after updating OpenSSL to a
3	> fixed version. Is it an overkill on their part? It might confuse admins.
4	>
5	>
6	> adam@proxy ~ $ ldd /usr/sbin/sshd
7	linux-vdso.so.1 (0x00007fffb068e000)
8	libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f68db1e6000)
9	libpam.so.0 => /lib64/libpam.so.0 (0x00007f68dafd8000)
10	libcrypto.so.1.0.0 => /usr/lib64/libcrypto.so.1.0.0 (0x00007f68dabf5000)
11	libutil.so.1 => /lib64/libutil.so.1 (0x00007f68da9f2000)
12	libz.so.1 => /lib64/libz.so.1 (0x00007f68da7db000)
13	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f68da5a4000)
14	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f68da387000)
15	libc.so.6 => /lib64/libc.so.6 (0x00007f68d9fd7000)
16	libgcc_s.so.1 => /usr/lib/gcc/x86_64-pc-linux-gnu/4.8.2/libgcc_s.so.1
17	(0x00007f68d9dc0000)
18	libdl.so.2 => /lib64/libdl.so.2 (0x00007f68d9bbc000)
19	/lib64/ld-linux-x86-64.so.2 (0x00007f68db3f1000)
20	adam@proxy ~ $ qfile /usr/lib64/libcrypto.so.1.0.0
21	dev-libs/openssl (/usr/lib64/libcrypto.so.1.0.0)
22	adam@proxy ~ $
23
24	So OpenSSH clearly IS using OpenSSL, and you need to restart sshd after
25	upgrading OpenSSL.

Subject	Author
Re: [gentoo-user] 'Heartbleed' bug	"Ján Zahornadský" <yankyo@×××××.com>