sshd & [USN-2459-1] OpenSSL vulnerabilities

Brandon Vincent Brandon.Vincent at asu.edu
Wed Jan 14 13:55:09 UTC 2015


On Tue, Jan 13, 2015 at 4:42 AM, Vangelis Katsikaros <ibob17 at yahoo.gr> wrote:
> Sorry in case the question is stupid :) Does the ssh service need a restart
> after this update?

As others have pointed out, OpenSSH is built against OpenSSL.

However, the major vulnerabilities fixed by this update are applicable
the use of the SSL/TLS portion of the library. OpenSSH doesn't use
TLS, but rather uses OpenSSL for the cryptographic primitives related
to the operation of the SSH protocol.

In other words, no restart of the sshd daemon is required.

Brandon Vincent



More information about the ubuntu-users mailing list