Old 05-13-2008, 08:20 AM Offline   #1 (permalink)



 
coolmanhiphop's Avatar
Mr. News Guy
 
Since: Nov 2007
Posts: 109,399
Rank:
Uploads: 0
eCash: $500
Thank Meter: 9973

coolmanhiphop started pushin nickels an dimescoolmanhiphop started pushin nickels an dimescoolmanhiphop started pushin nickels an dimescoolmanhiphop started pushin nickels an dimescoolmanhiphop started pushin nickels an dimescoolmanhiphop started pushin nickels an dimescoolmanhiphop started pushin nickels an dimescoolmanhiphop started pushin nickels an dimescoolmanhiphop started pushin nickels an dimescoolmanhiphop started pushin nickels an dimescoolmanhiphop started pushin nickels an dimes
Rep Power: 2076
Default Debian Bug Leaves Private SSL/SSH Keys Guessable

SecurityBob writes "Debian package maintainers tend to very often modify the source code of the package they are maintaining so that it better fits into the distribution itself. However, most of the time, their changes are not sent back to upstream for validation, which might cause some tension between upstream developers and Debian packagers. Today, a critical security advisory has been released: a Debian packager modified the source code of OpenSSL back in 2006 so as to remove the seeding of OpenSSL random number generator, which in turns makes cryptographic key material generated on a Debian system guessable. The solution? Upgrade OpenSSL and re-generate all your SSH and SSL keys. This problem not only affects Debian, but also all its derivatives, such as Ubuntu." Reader RichiH also points to Debian's announcement and Ubuntu's announcement.
Read more of this story at Slashdot.
</img>


More...
 
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Debian On the Openmoko Neo FreeRunner Phone coolmanhiphop Feeds 0 08-15-2008 10:50 PM
Debian.. You can never be sure coolmanhiphop Feeds 0 07-07-2008 05:30 AM
Debian Cluster Replaces Supercomputer For Weather Forecasting coolmanhiphop Feeds 0 03-13-2008 10:50 PM
Debian GNU/Linux 4.0 updated coolmanhiphop Feeds 0 12-28-2007 09:40 AM


All times are GMT -8. The time now is 05:05 PM.

Archive:


Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.3.2 © 2009, Crawlability, Inc.
Hip Hop Universe 2005-Forever