Kapil Hari Paranjape | 14 May 02:57

Debian Security Announcement

Hello,

I am posting this here as it should receive wide exposure.

http://lists.debian.org/debian-security-announce/2008/msg00152.html

The bottom line(s):
 1. If you run a Debian or derivative (yes, Ubuntu!) version
    that is based on etch or later,
and
 2a. If you generated an SSH/SSL key on this system 
 or
 2b. You created a signature using an openssl DSA key on this
     system

Then it is likely that your key is weak/compromised. Please change
it after installing a more recent "openssl".

This does *not* apply to GPG/PGP keys.

Regards,

Kapil.
--

_______________________________________________
To unsubscribe, email ilugc-request@... with 
"unsubscribe <password> <address>"
in the subject or body of the message.  
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc

Parthan SR | 14 May 05:26

Re: Debian Security Announcement

Kapil Hari Paranjape wrote:
> Hello,
>
> I am posting this here as it should receive wide exposure.
>
> http://lists.debian.org/debian-security-announce/2008/msg00152.html
>
> The bottom line(s):
>  1. If you run a Debian or derivative (yes, Ubuntu!) version
>     that is based on etch or later,
> and
>  2a. If you generated an SSH/SSL key on this system 
>  or
>  2b. You created a signature using an openssl DSA key on this
>      system
>
> Then it is likely that your key is weak/compromised. Please change
> it after installing a more recent "openssl"
For Ubuntu Users, here is something to follow and be safe - 
http://ubuntu-tutorials.com/2008/05/13/openssh-openssh-vulnerabilities-confirm-fix-instructions/

It is suggested to update your system with the fix available in the 
repos and regenerate both your user and server SSH keys. It's a PITA 
updating the places where you have added your keys to authorized_keys,
but it's for your own safety :)

H.T.H

--

-- 
---
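
Added example, not part of either post above: one way to find the authorized_keys entries that still carry a key you have retired after regenerating it, by parsing each entry and comparing fingerprints. The function names, the sample entries and the key blobs are constructed for illustration; the blobs are placeholders, not real keys.

```python
import base64, hashlib, re, struct

# Key type, then base64 blob, then optional comment; options may precede the type
KEY_RE = re.compile(r'(?:^|\s)((?:ssh|ecdsa)-[a-z0-9-]+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$')

def parse_line(line):
    """Return (keytype, blob, comment) for one authorized_keys line, or None."""
    line = line.strip()
    m = None if line.startswith("#") else KEY_RE.search(line)
    if not m:
        return None
    ktype, b64, comment = m.group(1), m.group(2), m.group(3) or ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return None
    # A real blob starts with a length-prefixed copy of the key type
    if not blob.startswith(struct.pack(">I", len(ktype)) + ktype.encode()):
        return None
    return ktype, blob, comment

def fingerprints(blob):
    """MD5 colon-hex (the form older ssh-keygen -l printed) and SHA256 forms."""
    h = hashlib.md5(blob).hexdigest()
    md5 = ":".join(h[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def find_retired(text, retired):
    """Return (lineno, keytype, comment, md5) for entries whose fingerprint is in retired."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed:
            md5, sha = fingerprints(parsed[1])
            if md5 in retired or sha in retired:
                hits.append((no, parsed[0], parsed[2], md5))
    return hits

def constructed_blob(ktype, seed):
    # Constructed placeholder, not a real key: type header plus filler bytes
    return struct.pack(">I", len(ktype)) + ktype.encode() + hashlib.sha256(seed).digest()

OLD = constructed_blob("ssh-rsa", b"made before the update")
NEW = constructed_blob("ssh-rsa", b"regenerated after the update")
SAMPLE = "\n".join([  # constructed authorized_keys content
    'from="10.0.0.5",command="/usr/bin/backup now" ssh-rsa %s old@laptop' % base64.b64encode(OLD).decode(),
    "ssh-rsa %s new@laptop" % base64.b64encode(NEW).decode(),
])
print(find_retired(SAMPLE, {fingerprints(OLD)[0]}))
```

Run it over each account's authorized_keys on every host you log in to, passing the fingerprints of the keys you replaced; any line it reports still trusts the old key.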