[ale] Debian Security Advisory...

Michael H. Warfield mhw at WittsEnd.com
Tue May 13 16:58:41 EDT 2008


On Tue, 2008-05-13 at 10:07 -0400, Michael H. Warfield wrote:
> Hey all,

>         Very early this morning, Debian announced a very serious
> security advisory in OpenSSL impacting Debian Etch (stable) and Lenny
> (unstable) and test.  The problem is in the OpenSSL prng (pseudo random
> number generator) which was only being seeded by the process pid.  This
> means that this particular Debian specific version of OpenSSL would only
> generate 32,768 unique key pairs implying your true key strength was
> only 15 bits for RSA, DSA, etc, etc, etc...  The package has to be
> updated and all keys, ssh, OpenVPN, DNSSEC, as well as X.509
> certificates generated under the affected distributions must be
> regenerated from scratch.  All DSA keys must be considered compromised.
> GPG and GNUTLS keys are NOT affected.

>         Debian Etch was released in April of 2007, even though the
> vulnerable code was uploaded to test in April of 2006 and subsequently
> available in unstable prior to the release of Etch.  Distributions such
> as Ubuntu and Knoppix released after that time and based on Etch are
> probably also affected.  Embedded systems based on Etch may be impacted.
> Keys generated by these systems may also have made their way into other
> systems and embedded devices.  Run-live CDs and BBCs (Bootable
> Business Card) based on Debian Etch may be impacted.

>         Official announcement is here:

> http://lists.debian.org/debian-security-announce/2008/msg00152.html

	Link to the official Ubuntu security advisory is now here:

https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-May/000705.html

	No word, yet, from Knoppix or the other myriad Debian based distros.

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
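The quoted message says the broken OpenSSL build seeded its PRNG from nothing but the process id, so the generator could only ever produce 32,768 distinct keys (15 bits of strength). The following Python example is added to this archive page to illustrate that arithmetic and the defensive response that follows from it; it is not code from the message, from Debian, or from OpenSSL. It uses a toy key derivation (a SHA-256 fingerprint of the seed material stands in for real RSA/DSA generation), a constructed 15-bit PID space, and hypothetical function names; the "good" seed path models the intended behaviour of mixing in OS entropy. Because the weak key space is small enough to enumerate, a defender can precompute every key the weak generator can emit and check deployed keys against that table, which is the same idea Debian's vulnerable-key blacklists applied to real keys.

```python
import hashlib
import random

# Assumption: 2008-era Linux default pid_max, so PIDs are 15-bit values 0..32767.
PID_MAX = 32768


def toy_keygen(seed_material: bytes) -> str:
    """Toy stand-in for a key generator (hypothetical, not OpenSSL).

    A real generator runs RSA/DSA key generation on top of the PRNG; here the
    'key' is a 128-bit fingerprint derived deterministically from the seed.
    That is the only property the demonstration needs: identical seed
    material always yields an identical key.
    """
    return hashlib.sha256(seed_material).hexdigest()[:32]


def weak_seed(pid: int) -> bytes:
    """Models the broken build: the process id is the only seed material."""
    return pid.to_bytes(2, "little")


def good_seed(pid: int, os_entropy: bytes) -> bytes:
    """Models the intended behaviour: the pid is mixed with OS entropy."""
    return pid.to_bytes(2, "little") + os_entropy


def distinct_keys(n_runs: int, weak: bool, rng: random.Random) -> int:
    """Simulate n_runs independent key generations on random pids and
    return how many distinct keys were produced."""
    seen = set()
    for _ in range(n_runs):
        pid = rng.randrange(PID_MAX)
        if weak:
            seed = weak_seed(pid)
        else:
            # 256 bits of (simulated) OS entropy per run.
            seed = good_seed(pid, rng.getrandbits(256).to_bytes(32, "big"))
        seen.add(toy_keygen(seed))
    return len(seen)


def effective_key_bits() -> int:
    """Strength of a key from the weak generator: log2 of the seed space."""
    return PID_MAX.bit_length() - 1


def build_weak_key_blacklist() -> set:
    """Enumerate every key the weak generator can ever produce.

    This is the defender's detection table: a set of known-bad fingerprints
    that deployed keys can be checked against.
    """
    return {toy_keygen(weak_seed(pid)) for pid in range(PID_MAX)}


def is_weak_key(fingerprint: str, blacklist: set) -> bool:
    """True if the fingerprint belongs to a key the weak generator can emit."""
    return fingerprint in blacklist


if __name__ == "__main__":
    rng = random.Random(2008)
    blacklist = build_weak_key_blacklist()
    print("weak key space:", len(blacklist), "keys =", effective_key_bits(), "bits")
    print("distinct keys from 100000 weak runs:", distinct_keys(100000, True, rng))
    print("distinct keys from 100000 good runs:", distinct_keys(100000, False, rng))
    sample = toy_keygen(weak_seed(4242))
    print("key generated under pid 4242 flagged as weak:", is_weak_key(sample, blacklist))
```

The weak run never produces more than 32,768 distinct keys no matter how many times the generator is invoked, while the properly seeded run produces a fresh key every time. Building the blacklist once and checking each key against it is how the affected keys are found; the only remedy for a flagged key is the one the message states, regeneration on a fixed system.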
