[ale] Debian Security Advisory...

Jim Popovitch yahoo at jimpop.com
Wed May 14 00:56:43 EDT 2008


Further to all this (and top posted to gain maximum attention), Debian
and Ubuntu users need to MANUALLY regenerate ssh HOST keys
(/etc/ssh/ssh_host_*key*)

-Jim P.

2008/5/13 Michael H. Warfield <mhw at wittsend.com>:
>
> On Tue, 2008-05-13 at 10:07 -0400, Michael H. Warfield wrote:
>> Hey all,
>
>>         Very early this morning, Debian announced a very serious
>> security advisory in OpenSSL impacting Debian Etch (stable) and Lenny
>> (unstable) and test.  The problem is in the OpenSSL PRNG (pseudo-random
>> number generator) which was only being seeded by the process pid.  This
>> means that this particular Debian-specific version of OpenSSL would only
>> generate 32,768 unique key pairs, implying your true key strength was
>> only 15 bits for RSA, DSA, etc., etc., etc...  The package has to be
>> updated and all keys, ssh, OpenVPN, DNSSEC, as well as X.509
>> certificates generated under the affected distributions must be
>> regenerated from scratch.  All DSA keys must be considered compromised.
>> GPG and GnuTLS keys are NOT affected.
>
>>         Debian Etch was released in April of 2007, even though the
>> vulnerable code was uploaded to test in April of 2006 and subsequently
>> available in unstable prior to the release of Etch.  Distributions such
>> as Ubuntu and Knoppix released after that time and based on Etch are
>> probably also affected.  Embedded systems based on Etch may be impacted.
>> Keys generated by these systems may also have made their way into other
>> systems and embedded devices.  Run-live CDs and BBCs (Bootable
>> Business Card) based on Debian Etch may be impacted.
>
>>         Official announcement is here:
>
>> http://lists.debian.org/debian-security-announce/2008/msg00152.html
>
>        Link to the official Ubuntu security advisory is now here:
>
> https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-May/000705.html
>
>        No word, yet, from Knoppix or the other myriad Debian based distros.
>
>        Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>   NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>
>
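The manual host-key regeneration Jim asks for at the top of this message, written out as a script. This is an added example, not part of the original thread and not the Debian or Ubuntu package scripts. It assumes ssh-keygen is installed, takes the key directory as an explicit argument so the procedure can be rehearsed in a scratch directory before touching /etc/ssh, and defaults KEY_TYPES to rsa, ecdsa and ed25519 for current OpenSSH (the 2008-era hosts carried rsa1, rsa and dsa host keys; set KEY_TYPES to match whatever your sshd_config actually loads).

```sh
#!/bin/sh
# Added example: back up and regenerate the OpenSSH host keys in one directory.
# Not from the original thread; assumes ssh-keygen is on PATH.
set -eu

# Key types to regenerate. Adjust to the HostKey lines in sshd_config.
# Assumption: modern defaults; 2008 systems used "rsa1 rsa dsa" instead.
KEY_TYPES="${KEY_TYPES:-rsa ecdsa ed25519}"

# list_host_keys DIR: print every host key file (private and .pub) in DIR.
list_host_keys() {
    dir="$1"
    for f in "$dir"/ssh_host_*key*; do
        if [ -e "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# backup_host_keys DIR: move the existing host keys into DIR/old-keys.<stamp>
# so sshd can no longer load them, while keeping them for later comparison.
# Prints the backup directory path.
backup_host_keys() {
    dir="$1"
    bak="$dir/old-keys.$(date +%Y%m%d%H%M%S)"
    mkdir -p "$bak"
    for f in "$dir"/ssh_host_*key*; do
        if [ -e "$f" ]; then
            mv "$f" "$bak/"
        fi
    done
    printf '%s\n' "$bak"
}

# regenerate_host_keys DIR: create a fresh, passphrase-less key pair for each
# type in KEY_TYPES and print the fingerprint of every new public key, so the
# fingerprints can be published before clients start seeing the new keys.
regenerate_host_keys() {
    dir="$1"
    for t in $KEY_TYPES; do
        key="$dir/ssh_host_${t}_key"
        ssh-keygen -q -t "$t" -N '' -f "$key" </dev/null
        ssh-keygen -l -f "$key.pub"
    done
}

# main DIR: the full procedure. Run as root against /etc/ssh, then restart sshd.
main() {
    dir="$1"
    echo "Old host keys moved to: $(backup_host_keys "$dir")"
    echo "New host key fingerprints:"
    regenerate_host_keys "$dir"
    echo "Now restart sshd (/etc/init.d/ssh restart on Debian/Ubuntu of that era)"
    echo "and publish the fingerprints above so users can verify the new keys."
}

# Only act when a directory is given explicitly; sourcing the file defines
# the functions without touching anything.
if [ "$#" -eq 1 ]; then
    main "$1"
fi
```

Run it as `sh regen-hostkeys.sh /etc/ssh` as root, then restart sshd. Every client that has connected before will get the "REMOTE HOST IDENTIFICATION HAS CHANGED" warning, which is the expected result here, so publish the new fingerprints through a channel other than SSH rather than telling users to delete known_hosts entries blindly. The script covers host keys only: user keys in ~/.ssh generated on affected systems, and the copies of them sitting in authorized_keys on other hosts, need the same regenerate-and-redistribute treatment.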
