[plug] Debian / Ubuntu SSL Security Vulnerability
Peter Taekema
demo9 at gswd.com
Tue Jun 3 13:45:41 WST 2008
Hi All,
I appear to be having a different, ssl related problem...
I have a couple of machines running Ubuntu 8.04 with firefox 3.0b5 that
have suddently decided they won't talk to secure sites...
In other words, any sites (including localhost)accessed via https://....
just hang. no errors... just a blank screen.
If this has been raised before, I may have missed it... anyone else
seen this?
Cheers,
Peter
On Tue, 2008-05-27 at 17:12 +0800, Ian Ball wrote:
> Greetings,
>
> I haven't seen this particular issue raised here yet, but there has been a
> major security issue with SSL found recently. Basically, a bug in the SSL
> code has gone un-noticed, and caused encryption keys to be shorter than
> they should be. This leaves systems vulnerable to attack...
>
> There is more information available at:
> http://www.ubuntugeek.com/fix-for-opensslsshvpn-vulnerability-in-ubuntu-704710804.html
> http://www.dailytech.com/Huge+Hole+in+Open+Source+Software+Found+Leaves+Millions+Vulnerable/article11869.htm
>
> It is well worth applying the latest patches to your systems :)
> Also, all SSL keys will need to be re-generated to get around the
> vulnerability.
>
> This will affect you if you are running any secure applications, such as
> https or ssh. Also, other apps like postfix may be affected.
>
> Have Fun !
>
> --Ian Ball
> e| ian at iball.id.au
> h| http://iball.id.au
>
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
More information about the plug
mailing list