my "unwilling to wade in the bulls" take on this affair is that some part of ssl on the outward face of that service is bleeding large chunks of raw memory, in response to a trivial attack.
i'm not clear on on is which parts of memory are bleeding..
only ssl services memory?
or all memory from all services in the vicinity?
or all memory in general?
i'm hearing that sll privates are amonst the things that are leaking, but can anyone please clearly define which parts of my various systems have been wide open to the world, these past two years and more?
some people are saying ssh is not affected..
this is important to me - i don't care about ssl, and consider the bulk of the applications it supports to be trivial, but i cannot work without ssh, and am not aware of any viable alternatives.
i've always assumed that ssh was built on top of ssl - as in why reinvent the wheel - but when i went digging, trying to sort out which versions i have been running, and what i need to update, etc, i seem to be finding that ssh is actually standalone, apparently?
perhaps built on similar principles, but by differerent groups, and never merged - or do i have a bent picture?
apparently i need to learn more about these things - in matters like this i prefer to be able to read the source than listen to pundits pound the keys..
i am one, so i know, don't argue with me.
anyway - hello - if anyone can please enlighten or point at the histories of both open ssl and ssh for me, it would be a great help,
and if anyone could please point at, or repeat the answer to my question about what exactly has been exposed - thank you.