MonetDB usage of openssl and recently reported Security Vulnerability Issue in Openssl ( refer http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/ )
Hi All, Can any one give some guideline on how MonetDB uses openssl library which is a dependency expressed during compile time and what kind of measures should taken to avoid security vulnerability reported recently with openssl. Please refer to links below : http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens... http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities Regards, Ashish
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-04-09 10:00, Ashish Kumar Singh wrote:
Hi All,
Can any one give some guideline on how MonetDB uses openssl library which is a dependency expressed during compile time and what kind of measures should taken to avoid security vulnerability reported recently with openssl. Please refer to links below : http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens...
http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities
Regards, Ashish
_______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
MonetDB uses OpenSSL only for the hash functions, such as SHA. It does not use any encryption and certainly no encryption "over the wire". As such, I think MonetDB is not at all impacted by the Heartbleed vulerability. - -- Sjoerd Mullender -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQCVAwUBU0UHMj7g04AjvIQpAQJDjgP+OM9EKCj0nUWojlnw3LQB6a1CswQ2Pnba dcSamNVbhAaHq06HKpHAoEcxwrZN1QJFc80+E9WSRNw85z7AfCwj9qsQUXAsm0DU XlbFdKTgeEmiNtNhGQo+wBxYLf/LabgKLhry4JgLTEHMR+RMOzR490BNMG/hRruq iut3YYTIxIU= =lHVP -----END PGP SIGNATURE-----
participants (2)
-
Ashish Kumar Singh -
Sjoerd Mullender