[plug] Debian / Ubuntu SSL Security Vulnerability
Paul Antoine
pma-la at milleng.com.au
Tue May 27 19:09:45 WST 2008
The Ubuntu updates address this vulnerability and give you the option of
re-generating your keys during installation of the updates. It is of
course recommended that you do :-)
P.
Ian Ball wrote:
> Greetings,
>
> I haven't seen this particular issue raised here yet, but there has been a
> major security issue with SSL found recently. Basically, a bug in the SSL
> code has gone un-noticed, and caused encryption keys to be shorter than
> they should be. This leaves systems vulnerable to attack...
>
> There is more information available at:
> http://www.ubuntugeek.com/fix-for-opensslsshvpn-vulnerability-in-ubuntu-704710804.html
> http://www.dailytech.com/Huge+Hole+in+Open+Source+Software+Found+Leaves+Millions+Vulnerable/article11869.htm
>
> It is well worth applying the latest patches to your systems :)
> Also, all SSL keys will need to be re-generated to get around the
> vulnerability.
>
> This will affect you if you are running any secure applications, such as
> https or ssh. Also, other apps like postfix may be affected.
>
> Have Fun !
>
> --Ian Ball
> e| ian at iball.id.au
> h| http://iball.id.au
>
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
More information about the plug
mailing list