[plug] Debian / Ubuntu SSL Security Vulnerability
demo9 at gswd.com
Tue Jun 3 13:45:41 WST 2008
I appear to be having a different, ssl related problem...
I have a couple of machines running Ubuntu 8.04 with firefox 3.0b5 that
have suddently decided they won't talk to secure sites...
In other words, any sites (including localhost)accessed via https://....
just hang. no errors... just a blank screen.
If this has been raised before, I may have missed it... anyone else
On Tue, 2008-05-27 at 17:12 +0800, Ian Ball wrote:
> I haven't seen this particular issue raised here yet, but there has been a
> major security issue with SSL found recently. Basically, a bug in the SSL
> code has gone un-noticed, and caused encryption keys to be shorter than
> they should be. This leaves systems vulnerable to attack...
> There is more information available at:
> It is well worth applying the latest patches to your systems :)
> Also, all SSL keys will need to be re-generated to get around the
> This will affect you if you are running any secure applications, such as
> https or ssh. Also, other apps like postfix may be affected.
> Have Fun !
> --Ian Ball
> e| ian at iball.id.au
> h| http://iball.id.au
> PLUG discussion list: plug at plug.org.au
> Committee e-mail: committee at plug.linux.org.au
More information about the plug