1 |
On 04/10/2014 05:03 PM, Adam Carter wrote: |
2 |
> |
3 |
> What surprises me here is OpenSSH. It's not supposed to use OpenSSL |
4 |
> but Debian update process suggests to restart it after updating |
5 |
> OpenSSL to a fixed version. Is it an overkill on their part? It |
6 |
> might confuse admins. |
7 |
> |
8 |
> |
9 |
> adam@proxy ~ $ ldd /usr/sbin/sshd |
10 |
> linux-vdso.so.1 (0x00007fffb068e000) |
11 |
> libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f68db1e6000) |
12 |
> libpam.so.0 => /lib64/libpam.so.0 (0x00007f68dafd8000) |
13 |
> libcrypto.so.1.0.0 => /usr/lib64/libcrypto.so.1.0.0 (0x00007f68dabf5000) |
14 |
> libutil.so.1 => /lib64/libutil.so.1 (0x00007f68da9f2000) |
15 |
> libz.so.1 => /lib64/libz.so.1 (0x00007f68da7db000) |
16 |
> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f68da5a4000) |
17 |
> libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f68da387000) |
18 |
> libc.so.6 => /lib64/libc.so.6 (0x00007f68d9fd7000) |
19 |
> libgcc_s.so.1 => |
20 |
> /usr/lib/gcc/x86_64-pc-linux-gnu/4.8.2/libgcc_s.so.1 (0x00007f68d9dc0000) |
21 |
> libdl.so.2 => /lib64/libdl.so.2 (0x00007f68d9bbc000) |
22 |
> /lib64/ld-linux-x86-64.so.2 (0x00007f68db3f1000) |
23 |
> adam@proxy ~ $ qfile /usr/lib64/libcrypto.so.1.0.0 |
24 |
> dev-libs/openssl (/usr/lib64/libcrypto.so.1.0.0) |
25 |
> adam@proxy ~ $ |
26 |
> |
27 |
> So OpenSSH clearly IS using OpenSSL, and you need to restart sshd after |
28 |
> upgrading OpenSSL. |
29 |
|
30 |
As far as I know, it doesn't use it for the communication itself, just |
31 |
some key generations, so it shouldn't be affected by this bug. But I |
32 |
guess better safe than sorry... |