Apologies if this has already vectored through your radar. A problem
has surfaced with Debian and Ubuntu related to the PRN in OpenSSL (and
therefore the keys in OpenSSH, OpenSSL, SSL, etc). Scope is limited
to Debian and Ubuntu systems but the problem appears to have been
around for a couple
These urls should also be looked at.
http://www.ubuntu.com/usn/usn-612-2
http://www.debian.org/security/2008/dsa-1571
On Tue, May 13, 2008 at 10:37 AM, Carlos Macedo Gomes
[EMAIL PROTECTED] wrote:
Apologies if this has already vectored through your radar. A problem
has surfaced with Debian
Yeah, good thinking pointing that out. HUGE warning to everyone.
This isn't just something you can run an update and ignore. The KEYS
themselves are vulnerable, so every SSH host key, client key, openVPN
key or openssl cert created with one of these systems should be
considered
