To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=89461 Issue #|89461 Summary|Replace compromised SSH key for user hatapitk Component|www Version|current Platform|All URL| OS/Version|All Status|UNCONFIRMED Status whiteboard| Keywords| Resolution| Issue type|TASK Priority|P2 Subcomponent|openoffice.org website general issues Assigned to|ssh2key Reported by|hatapitk
------- Additional comments from [EMAIL PROTECTED] Wed May 14 12:08:48 +0000 2008 ------- Due to a bug in the openssl library shipped in Debian http://www.debian.org/security/2008/dsa-1571 http://www.ubuntu.com/usn/usn-612-2 all SSH keys generated on recent Debian and Ubuntu systems are so weak that they should be considered compromised. Since I have generated my SSH key on such system, it should be revoked and replaced with a new one. Fingerprint of the compromised key is 5f:15:b3:9d:95:d7:90:24:8b:ba:ac:bf:e7:5b:b1:b2 Fingerprint of the new, valid key that I will attach to this issue is a3:f3:c4:27:57:e4:ec:ba:71:b1:3a:64:5d:6b:9c:9c Since this bug has been in Debian and Ubuntu releases for slightly over a year, it is likely that there are other similarly weak keys installed on OOo servers. It might make sense to scan for them using some of the published tools (more information in the security advisories linked above). --------------------------------------------------------------------- Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]