Debian openssl random number generator critical security flaw

Discussion in 'Smalltalk' started by Leszek, May 13, 2008.

  1. Leszek

    Leszek New Member

    Today I've heard about a critical security flaw in openssl in Debian and other Debian based distributions.From :

    "Luciano Bello discovered that the random number generator in Debian's
    openssl package is predictable. This is caused by an incorrect
    Debian-specific change to the openssl package (CVE-2008-0166). As a
    result, cryptographic key material may be guessable.
    Everyone should patch openssl as fast as possible.
    Last edited: May 13, 2008
  2. PlanBForOpenOffice

    PlanBForOpenOffice New Member

    This is not enough

    I believe to upgrade the package is not enough. Everybody needs to check his/her own keys that might have been generated with Debian openSSL and regenerate them.

    Does anybody know where to find a checklist, where all to look?

  3. Leszek

    Leszek New Member

    I agree.
    As fast as possible after the update.
  4. falko

    falko Super Moderator ISPConfig Developer

Share This Page