[ale] Debian Security Advisory...
Brandon Colbert
colbert.brandon at gmail.com
Sun May 18 22:47:14 EDT 2008
Thanks. I have some servers to update. Too many for one guy. :(
2008/5/13 Michael H. Warfield <mhw at wittsend.com>:
> Hey all,
>
> Very early this morning, Debian announced a very serious
> security advisory in OpenSSL impacting Debian Etch (stable) and Lenny
> (unstable) and test. The problem is in the OpenSSL prng (pseudo random
> number generator) which was only being seeded by the process pid. This
> means that this particular Debian specific version of OpenSSL would only
> generate 32,768 unique key pairs implying your true key strength was
> only 15 bits for RSA, DSA, etc, etc, etc... The package has to be
> updated and all keys, ssh, OpenVPN, DNSSEC, as well as X.509
> certificates generated under the affected distributions must be
> regenerated from scratch. All DSA keys must be considered compromised.
> GPG and GNUTLS keys are NOT affected.
>
> Debian Etch was released in April of 2007, even though the
> vulnerable code was uploaded to test in April of 2006 and subsequently
> available in unstable prior to the release of Etch. Distributions such
> as Ubuntu and Knoppix released after that time and based on Etch are
> probably also affected. Embedded systems based on Etch may be impacted.
> Keys generated by these systems may also have made their way into other
> systems and embedded devices. Run-live CDs and BBCs (Bootable
> Business Card) based on Debian Etch may be impacted.
>
> Official announcement is here:
>
> http://lists.debian.org/debian-security-announce/2008/msg00152.html
>
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 |
> http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
>
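Added example, not part of either message above and not OpenSSL or Debian code: a toy model of why a generator seeded only by the process ID can emit just 32,768 distinct keys (15 bits), and how that small set can be enumerated once into a blocklist to find which keys in an inventory must be regenerated. Assumptions: `random.Random` stands in for the flawed PRNG, and the 16-byte "key", the function names and the sample inventory are constructed for illustration.

```python
import hashlib
import math
import random
import secrets

PID_MAX = 32768  # number of distinct keys stated in the quoted message


def toy_keygen(pid: int) -> bytes:
    """Toy key generation whose only entropy is the process ID.

    Assumption: random.Random models the flawed PRNG; this is not OpenSSL.
    """
    rng = random.Random(pid)  # the seed is the pid and nothing else
    return rng.getrandbits(128).to_bytes(16, "big")


def fingerprint(key: bytes) -> str:
    """Stable identifier for a key, as used in a blocklist."""
    return hashlib.sha256(key).hexdigest()


def build_blocklist() -> set:
    """Enumerate every key the toy generator can ever produce."""
    return {fingerprint(toy_keygen(pid)) for pid in range(PID_MAX)}


def effective_bits(blocklist: set) -> float:
    """Real key strength: log2 of the number of possible keys."""
    return math.log2(len(blocklist))


def audit(inventory: dict, blocklist: set) -> list:
    """Return the names of keys that appear in the blocklist."""
    return sorted(n for n, k in inventory.items() if fingerprint(k) in blocklist)


if __name__ == "__main__":
    blocklist = build_blocklist()
    # Constructed inventory: two keys from the weak generator, one from the
    # operating system's CSPRNG.
    inventory = {
        "web01": toy_keygen(4242),
        "vpn-gw": toy_keygen(31007),
        "db01": secrets.token_bytes(16),
    }
    print(f"possible keys: {len(blocklist)} ({effective_bits(blocklist):.0f} bits)")
    print("regenerate:", audit(inventory, blocklist))
```

The nominal key length never enters the calculation: the number of possible seeds bounds the number of possible keys, whatever size the key claims to be.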