Welcome, Guest. Please login or register.
Forums
« previous next »
Pages: [1]   Go Down

Author Topic: Serious security vulnerability on Debian/Ubuntu  (Read 2387 times)

Description:

0 Members and 1 Guest are viewing this topic.

Offline PiruTopic starter

  • \' union select name,pwd--
  • Hero Member
  • *****
  • Join Date: Aug 2002
  • Posts: 6946
    • Show all replies
    • http://www.iki.fi/sintonen/
Serious security vulnerability on Debian/Ubuntu
« on: May 13, 2008, 06:30:38 PM »
Quote
Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable.

...

Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and session keys used in SSL/TLS connections.

DSA-1571-1 openssl -- predictable random number generator
USN-612-2: OpenSSH vulnerability
Logged
 

Offline PiruTopic starter

  • \' union select name,pwd--
  • Hero Member
  • *****
  • Join Date: Aug 2002
  • Posts: 6946
    • Show all replies
    • http://www.iki.fi/sintonen/
Re: Serious security vulnerability on Debian/Ubuntu
« Reply #1 on: May 14, 2008, 10:34:49 PM »
Logged
 

Offline PiruTopic starter

  • \' union select name,pwd--
  • Hero Member
  • *****
  • Join Date: Aug 2002
  • Posts: 6946
    • Show all replies
    • http://www.iki.fi/sintonen/
Re: Serious security vulnerability on Debian/Ubuntu
« Reply #2 on: May 15, 2008, 12:44:49 AM »
There fix is there already. The problem is that not everyone updates their boxes daily.
Logged
 
Pages: [1]   Go Up
« previous next »