Apologies if this has already vectored through your radar. A problem
has surfaced with Debian and Ubuntu related to the PRN in OpenSSL (and
therefore the keys in OpenSSH, OpenSSL, SSL, etc). Scope is limited
to Debian and Ubuntu systems but the problem appears to have been
around for a couple
These urls should also be looked at.
http://www.ubuntu.com/usn/usn-612-2
http://www.debian.org/security/2008/dsa-1571
On Tue, May 13, 2008 at 10:37 AM, Carlos Macedo Gomes
[EMAIL PROTECTED] wrote:
Apologies if this has already vectored through your radar. A problem
has surfaced with Debian
Yeah, good thinking pointing that out. HUGE warning to everyone.
This isn't just something you can run an update and ignore. The KEYS
themselves are vulnerable, so every SSH host key, client key, openVPN
key or openssl cert created with one of these systems should be
considered
Should I update NOT AUTHENTICATED security updates?
I am running Ubuntu 7.10
The automatic updater told me that I have updates available.
The following packages came in and when I tried to install them I
received a message that they can't be authenticated! Doing this could
could allow a
Normally i'd say no (make sure you have all the deb/ubuntu keyrings
though). But in this case, upgrade anyway, and do it asap.
On May 13, 2008, at 12:12 PM, koder wrote:
Should I update NOT AUTHENTICATED security updates?
I am running Ubuntu 7.10
The automatic updater told me that I
I've got a personal server and a laptop running Ubuntu Hardy. I've run
full system updates including libssl, openssl, etc.
Crypto isn't really my thing, so I'm not sure all the places where this
issue might have affected me. After the update, I regenerated my host
keys for openssh, the
Am 13. Mai, 2008 schwätzte Alex Dean so:
I've got a personal server and a laptop running Ubuntu Hardy. I've run full
system updates including libssl, openssl, etc.
Crypto isn't really my thing, so I'm not sure all the places where this issue
might have affected me. After the update, I