|
|||
|
|||
|
|||
|
|||
|
|||
| Webmaster rambling and mental notes | |||
|
|||
|
|||
|
|||
|
|
|
|
|
 |
||
|
|||
|
|||
|
5/13/2008 - Debian Bug Leaves Private SSL/SSH Keys Guessable SecurityBob writes "Debian package maintainers tend to very often modify the source code of the package they are discussion so that it better fits into the distribution itself. However, most of the time, their changes are not sent back to upstream for validation, which might cause some tension between upstream developers and Debian packagers. Today, a critical security advisory has been released: a Debian packager modified the source code of OpenSSL back in 2006 so as to remove the seeding of OpenSSL random number generator, which in turns makes cryptographic key matter arise on a Debian system guessable. The solution? Upgrade OpenSSL and re-generate all your SSH and SSL keys. This problem not only affects Debian, but also all its derivatives, such as Ubuntu." Reader RichiH also points to Debian's announcement and Ubuntu's announcement. Read more of this story at Slashdot. More: - The rest... Mark
Technorati Tags: announcement, debian, openssl, package, source, source code, the source, the source code, ubuntu, upstream
Filed under: announcement, debian, openssl, package, source, source code, the source, the source code, ubuntu, upstream Post A Comment! Share and enjoy |
||
|
|||
|
|||
|
|||
|
|||
|
|||
| MARVEL, SPIDER-MAN, DOCTOR OCTOPUS and all MARVEL character names and distinctive likenesses thereof: TM 2003 Marvel Characters, Inc. All Rights Reserved. MARVEL and SPIDER-MAN: Trademarks registered in the USA and certain other countries. 2003 Sony Pictures Digital Inc. All rights reserved. |