MonetDB usage of openssl and recently reported Security Vulnerability Issue in Openssl ( refer http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/ )
Hi All,
Can any one give some guideline on how MonetDB uses openssl library which is a dependency expressed during compile time and what kind of measures should taken to avoid security vulnerability reported recently with openssl. Please refer to links below : http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens... http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities
Regards, Ashish
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2014-04-09 10:00, Ashish Kumar Singh wrote:
Hi All,
Can any one give some guideline on how MonetDB uses openssl library which is a dependency expressed during compile time and what kind of measures should taken to avoid security vulnerability reported recently with openssl. Please refer to links below : http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens...
http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities
Regards, Ashish
_______________________________________________ users-list mailing list users-list@monetdb.org https://www.monetdb.org/mailman/listinfo/users-list
MonetDB uses OpenSSL only for the hash functions, such as SHA. It does not use any encryption and certainly no encryption "over the wire". As such, I think MonetDB is not at all impacted by the Heartbleed vulerability.
- -- Sjoerd Mullender
participants (2)
-
Ashish Kumar Singh -
Sjoerd Mullender