SSL vulnerability in debian and ubuntu.
kemotaha at gmail.com
Tue May 13 16:10:43 MDT 2008
On Tue, 2008-05-13 at 10:14 -0600, Jordan Curzon wrote:
> This came across my radar this morning:
> ".....It is strongly recommended that all cryptographic key material which has
> been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
> systems is recreated from scratch. Furthermore, all DSA keys ever used
> on affected Debian systems for signing or authentication purposes should
> be considered compromised; the Digital Signature Algorithm relies on a
> secret random value used during signature generation.
> The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
> distribution on 2006-09-17, and has since propagated to the testing and
> current stable (etch) distributions. The old stable distribution
> (sarge) is not affected....."
It looks like there is a script that you can download off that
announcement to see if you have weak keys. I did a quick search on my
users and hosts and it seems like I did have a few weak keys.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://plug.org/pipermail/plug/attachments/20080513/c566e740/attachment.bin
More information about the PLUG