SSL vulnerability in Debian and Ubuntu.

Jordan Curzon curzonj at gmail.com
Tue May 13 10:14:39 MDT 2008


This came across my radar this morning:

".....It is strongly recommended that all cryptographic key material which has
been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
systems is recreated from scratch.  Furthermore, all DSA keys ever used
on affected Debian systems for signing or authentication purposes should
be considered compromised; the Digital Signature Algorithm relies on a
secret random value used during signature generation.

The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
distribution on 2006-09-17, and has since propagated to the testing and
current stable (etch) distributions.  The old stable distribution
(sarge) is not affected....."

http://lists.debian.org/debian-security-announce/2008/msg00152.html
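
Added example, not part of the original post or of the Debian advisory: a triage pass over a directory of private keys that applies the two rules quoted above, flagging any DSA key on an affected host and any other key written on or after 2006-09-17. The function names, the `*.pem` layout, the operator-supplied `affected_host` flag and the use of file modification time as a stand-in for generation time are assumptions.

```python
import re
from datetime import datetime, timezone
from pathlib import Path

# Upload date of the first vulnerable version (0.9.8c-1), as stated in the advisory.
FIRST_VULNERABLE_UPLOAD = datetime(2006, 9, 17, tzinfo=timezone.utc)
PEM_HEADER = re.compile(r"-----BEGIN (?:(\w+) )?PRIVATE KEY-----")

def classify_key(algorithm, last_modified, affected_host):
    """Apply the advisory's two rules to one key and return (verdict, reason)."""
    if not affected_host:
        return ("out-of-scope", "host never ran an affected Debian OpenSSL")
    if algorithm == "DSA":
        # DSA keys merely used on an affected system are suspect whatever
        # their age: every signature needs a secret random value.
        return ("compromised", "DSA key used on an affected system")
    if last_modified >= FIRST_VULNERABLE_UPLOAD:
        return ("regenerate", "written on or after 2006-09-17")
    return ("predates", "file older than the first vulnerable upload")

def scan_private_keys(directory, affected_host=True):
    """Classify every *.pem private key in `directory` (hypothetical layout)."""
    findings = []
    for path in sorted(Path(directory).glob("*.pem")):
        match = PEM_HEADER.search(path.read_text(errors="replace"))
        if match is None:
            continue  # not a private key (certificate, public key, ...)
        algorithm = match.group(1) or "unknown"
        # Assumption: mtime approximates generation time. Copies and restores
        # change it, so "predates" is a hint, not a clearance.
        mtime = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
        verdict, reason = classify_key(algorithm, mtime, affected_host)
        findings.append((path.name, algorithm, verdict, reason))
    return findings

if __name__ == "__main__":
    import os, tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample files
        for name, alg, year in [("old-rsa", "RSA", 2005), ("new-rsa", "RSA", 2007),
                                ("old-dsa", "DSA", 2005)]:
            f = Path(tmp, name + ".pem")
            f.write_text(f"-----BEGIN {alg} PRIVATE KEY-----\n(constructed placeholder)\n")
            stamp = datetime(year, 1, 1, tzinfo=timezone.utc).timestamp()
            os.utime(f, (stamp, stamp))
        for finding in scan_private_keys(tmp):
            print(*finding, sep=": ")
```
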


