[Sussex] SECURITY: SSH Keys Vulnerability On Debian and Debian-derived Distributions.
Colin Tuckley
colin at tuckley.org
Wed May 14 14:57:58 UTC 2008
Steve Dobson wrote:
> Yesterday it was announced that there is a vulnerability in OpenSSL in
> Debian and Debian-derived distributions.
> If you're admining a Debian server then doing an {apt-get/aptitude}
> dist-upgrade will the openssh packages and install a new one:
> openssh-blacklist. This give a new command:
>
> ssh-vulnkey -a
Two points:
1) The vulnerability extends to secure keys that were used on systems which
had the problem. so even a key generated on a red-hat system but used on a
Debian system should be changed.
2) The debian package openssh-blacklist is only available in *unstable* so far.
regards,
Colin
--
Colin Tuckley | +44(0)1903 236872 | PGP/GnuPG Key Id
Debian Developer | +44(0)7799 143369 | 0x1B3045CE
Common Sense is the collection of prejudices acquired by age eighteen. - A.
Einstein
More information about the Sussex
mailing list