[plug] Debian / Ubuntu SSL Security Vulnerability
Peter Taekema
demo9 at gswd.com
Tue Jun 3 18:49:28 WST 2008
Hi All,
You can disregard my last message.... turns out it was a hardware
issue.. related to my router. It went away after resetting it.. :)
Cheers,
Peter
On Tue, 2008-06-03 at 13:45 +0800, Peter Taekema wrote:
> Hi All,
>
> I appear to be having a different, ssl related problem...
>
> I have a couple of machines running Ubuntu 8.04 with firefox 3.0b5 that
> have suddently decided they won't talk to secure sites...
>
> In other words, any sites (including localhost)accessed via https://....
> just hang. no errors... just a blank screen.
>
> If this has been raised before, I may have missed it... anyone else
> seen this?
>
> Cheers,
> Peter
>
> On Tue, 2008-05-27 at 17:12 +0800, Ian Ball wrote:
> > Greetings,
> >
> > I haven't seen this particular issue raised here yet, but there has been a
> > major security issue with SSL found recently. Basically, a bug in the SSL
> > code has gone un-noticed, and caused encryption keys to be shorter than
> > they should be. This leaves systems vulnerable to attack...
> >
> > There is more information available at:
> > http://www.ubuntugeek.com/fix-for-opensslsshvpn-vulnerability-in-ubuntu-704710804.html
> > http://www.dailytech.com/Huge+Hole+in+Open+Source+Software+Found+Leaves+Millions+Vulnerable/article11869.htm
> >
> > It is well worth applying the latest patches to your systems :)
> > Also, all SSL keys will need to be re-generated to get around the
> > vulnerability.
> >
> > This will affect you if you are running any secure applications, such as
> > https or ssh. Also, other apps like postfix may be affected.
> >
> > Have Fun !
> >
> > --Ian Ball
> > e| ian at iball.id.au
> > h| http://iball.id.au
> >
> > _______________________________________________
> > PLUG discussion list: plug at plug.org.au
> > http://www.plug.org.au/mailman/listinfo/plug
> > Committee e-mail: committee at plug.linux.org.au
> >
>
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
More information about the plug
mailing list