Marty <[EMAIL PROTECTED]>: > I usually keep current with the Debian archive using apt-get. Sometimes, > however, I install programs using dselect. > > After upgrading to the latest Debian archive using apt-get update/upgrade, > I got the following message while running dselect: > > The following packages will be upgraded: > openssh-client openssh-server > > It happened on two different similarly configured machines. > > I'm pretty sure this has never happened to me before. I have always thought > that upgrading using either apt-get or dselect (using the apt method) were > equivalent, at least with respect to staying current with the archive. > > Am I missing something major? Thanks for any illumination.
http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/rand/md_rand.c?rev=141&r1=140&r2=141 A major flaw has been discovered in the way Debian has been creating ssh and ssl keys. I'm surprised anyone's not heard of it yet. Upgrading those two packages places you in a position to fix the problem as it affects your systems. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
