OpenSSH vulnerability (Ubuntu and Debian hit)
Carlos Macedo Gomes
powerofprimes at gmail.com
Tue May 13 10:37:56 MST 2008
Apologies if this has already vectored through your radar. A problem
has surfaced with Debian and Ubuntu related to the PRN in OpenSSL (and
therefore the keys in OpenSSH, OpenSSL, SSL, etc). Scope is limited
to Debian and Ubuntu systems but the problem appears to have been
around for a couple years.
Ubuntu advisory is here:
http://www.ubuntu.com/usn/usn-612-1
Here's a (rantish) writeup on the *raison d'etre*:
http://www.links.org/?p=327
Check your primes...
ymmv,
C.G.
--
powerofprimes at gmail.com
Carlos Macedo Gomes
_sic itur ad astra_
More information about the PLUG-discuss
mailing list