[Gllug] Debian / Ubuntu SSL vulnerability

[John Winters]

Phil Hands wrote:
[snip]
> I think that's about it -- there is apparently a version of ssh in
> unstable that has a blacklist of the broken keys that will stop people
> using them in future, but that doesn't help with the historical exposure
> of session data, and X.509 (SSL) certificate data.

Looking at the Ubuntu notifications it seems that they have already done
much the same.  Although a worthy catch-all, the problem I see with this
is that if you have a headless or remote box then applying the update
could easily lock you out of it entirely.

John

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug