On Fri, May 16, 2008 at 09:24:00AM +1000, Peter Chubb wrote:
>
> Just in case anyone missed it, there's been a major vulnerability for
> any SSH keys generated on a debian system over the last two years or
> so ... apparently the random number generator wasn't being seeded
> right, so only a few distinct keys were actually generated.
>
> The AARNET mirror doesn't have the updated packages as of this
> morning, but the Optusnet mirror does ... I suggest that
> -- you install the new openssh-client package (version 1:4.7p1-9 on unstable)
> -- run ssh-vulnkey -a as root to find any vulnerable keys, and get
> your users to fix them.

This also includes any certificates created by openssl (apache, exim, postfix).
It's a pain, but this is a link to the Ubuntu SSL checker:
https://launchpad.net/ubuntu/+source/openssl-blacklist/

>
>
> --
> Dr Peter Chubb http://www.gelato.unsw.edu.au peterc AT gelato.unsw.edu.au
> http://www.ertos.nicta.com.au ERTOS within National ICT Australia
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>

--
Better dead than mellow.
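
Because only a small set of distinct keys could be generated, affected keys can be found by comparing fingerprints against a list of known-weak ones, which is the kind of check `ssh-vulnkey` performs. The sketch below is an added example, not part of the original message and not the Debian tool's code. It assumes a blacklist of 20-hex-character lines (the MD5 key fingerprint with its first 12 characters removed) and plain public key lines without options; the sample keys and the blacklist entry are constructed.

```python
import base64
import hashlib
import struct

def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

def make_sample_line(modulus: int, comment: str) -> str:
    """Constructed ssh-rsa public key line for the demo (not a usable key)."""
    n = modulus.to_bytes(modulus.bit_length() // 8 + 1, "big")
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def fingerprint_tail(key_line: str) -> str:
    """MD5 fingerprint of the key blob, minus its first 12 hex characters."""
    blob = base64.b64decode(key_line.split()[1])
    return hashlib.md5(blob).hexdigest()[12:]

def load_blacklist(text: str) -> set:
    """Parse blacklist text: '#' comments, then one 20-hex-char entry per line."""
    entries = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if len(line) != 20 or any(c not in "0123456789abcdef" for c in line):
            raise ValueError(f"malformed blacklist entry: {line!r}")
        entries.add(line)
    return entries

def find_weak_keys(key_lines, blacklist):
    """Return (line number, comment) for every key whose tail is blacklisted."""
    hits = []
    for lineno, line in enumerate(key_lines, start=1):
        fields = line.split()
        if len(fields) < 2 or line.lstrip().startswith("#"):
            continue  # blank line or comment
        if fingerprint_tail(line) in blacklist:
            hits.append((lineno, fields[2] if len(fields) > 2 else ""))
    return hits

# Constructed sample data: two fake keys, and a blacklist listing the first one.
SAMPLE_KEYS = [make_sample_line(0xC0FFEE0123456789, "alice@constructed"),
               "# a comment line",
               make_sample_line(0xFEEDFACE98765432, "bob@constructed")]
SAMPLE_BLACKLIST = "# constructed blacklist\n" + fingerprint_tail(SAMPLE_KEYS[0]) + "\n"

if __name__ == "__main__":
    print(find_weak_keys(SAMPLE_KEYS, load_blacklist(SAMPLE_BLACKLIST)))
```

A key that matches has to be regenerated on a patched system and its old public half removed from every `authorized_keys` file that lists it.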