SSL vulnerability
From: Bryce Utting (butting_at_ihug.co.nz)
Date: 03/24/04
- Next message: Raul Collantes: "Re: traffic"
- Previous message: Mike Thomas: "GNU sed and other non standard packages."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 24 Mar 2004 06:30:56 +0000 (UTC)
I've installed entirely from packages, haven't built from source, and
am so flat out with other things I'm reluctant to patch-and-build for
the first time unless absolutely necessary. (I'm probably not the
only one!)
if I understand the vulnerability right, it's an issue at key
generation time only--right? so, if I were running a secure web
server I'd obviously need to rebuild (and would have, by now), but if
key generation is manual and infrequent do I have an immediate
problem?
the only external access to my OpenBSD server is via 25 (to Postfix)
and 22 (to sshd, but the port's only intermittently open). if I'm
reading ssh/sshd right, they're linked against libcrypt and not
libssl: does this mean that the vulnerability doesn't affect me, or
should I shut off 22 until I've patched and rebuilt?
thanks for any advice.
ta,
butting
- Next message: Raul Collantes: "Re: traffic"
- Previous message: Mike Thomas: "GNU sed and other non standard packages."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
