[plug] Debian / Ubuntu SSL Security Vulnerability
Ian Ball
ian at iball.id.au
Tue May 27 17:12:21 WST 2008
Greetings,
I haven't seen this particular issue raised here yet, but there has been a
major security issue with SSL found recently. Basically, a bug in the SSL
code has gone un-noticed, and caused encryption keys to be shorter than
they should be. This leaves systems vulnerable to attack...
There is more information available at:
http://www.ubuntugeek.com/fix-for-opensslsshvpn-vulnerability-in-ubuntu-704710804.html
http://www.dailytech.com/Huge+Hole+in+Open+Source+Software+Found+Leaves+Millions+Vulnerable/article11869.htm
It is well worth applying the latest patches to your systems :)
Also, all SSL keys will need to be re-generated to get around the
vulnerability.
This will affect you if you are running any secure applications, such as
https or ssh. Also, other apps like postfix may be affected.
Have Fun !
--Ian Ball
e| ian at iball.id.au
h| http://iball.id.au
More information about the plug
mailing list