[plug] Debian / Ubuntu SSL Security Vulnerability

Peter Taekema demo9 at gswd.com
Tue Jun 3 13:45:41 WST 2008


Hi All,

I appear to be having a different, ssl related problem...

I have a couple of machines running Ubuntu 8.04 with firefox 3.0b5 that
have suddently decided they won't talk to secure sites...

In other words, any sites (including localhost)accessed via https://....
just hang.  no errors... just a blank screen.

If this has been raised before, I may have missed it...  anyone else
seen this?

Cheers,
Peter

On Tue, 2008-05-27 at 17:12 +0800, Ian Ball wrote:
> Greetings,
> 
> I haven't seen this particular issue raised here yet, but there has been a
> major security issue with SSL found recently.  Basically, a bug in the SSL
> code has gone un-noticed, and caused encryption keys to be shorter than
> they should be.  This leaves systems vulnerable to attack...
> 
> There is more information available at:
> http://www.ubuntugeek.com/fix-for-opensslsshvpn-vulnerability-in-ubuntu-704710804.html
> http://www.dailytech.com/Huge+Hole+in+Open+Source+Software+Found+Leaves+Millions+Vulnerable/article11869.htm
> 
> It is well worth applying the latest patches to your systems :)
> Also, all SSL keys will need to be re-generated to get around the
> vulnerability.
> 
> This will affect you if you are running any secure applications, such as
> https or ssh.  Also, other apps like postfix may be affected.
> 
> Have Fun !
> 
> --Ian Ball
> e| ian at iball.id.au
> h| http://iball.id.au
> 
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
> 




More information about the plug mailing list