FreeBSD Security Advisory FreeBSD-SA-14:06.openssl
Carlo Strub
cs at FreeBSD.org
Thu Apr 10 12:03:05 UTC 2014
10/04/2014 12:58 - Cyrus Lopez wrote:
>
>
> >>
> >> SSH is not affected.
> >>
> >
> > SSH is indeed not affected, but I guess you should still consider the secret sshd key on your otherwise affected server as burnt, as it might have been in the memory too while an attacker was inspecting it via heartbleed. Better recreate the secret ssh key and all other secret keys on your server as well. But, again, the OpenSSH protocol/software per se are not affected.
>
>
> This is incorrect. The heartbleed exploit would have only returned portions of
> memory that were under the control of OpenSSL, not general memory used by other
> processes on the system.
>
>
>
>
Thanks for the update. I wasn't aware of that.
More information about the freebsd-security
mailing list