[Gllug] Debian / Ubuntu SSL vulnerability

John Winters john at sinodun.org.uk
Wed May 14 09:57:52 UTC 2008


Phil Hands wrote:
[snip]
> I think that's about it -- there is apparently a version of ssh in
> unstable that has a blacklist of the broken keys that will stop people
> using them in future, but that doesn't help with the historical exposure
> of session data, and X.509 (SSL) certificate data.

Looking at the Ubuntu notifications it seems that they have already done
much the same.  Although a worthy catch-all, the problem I see with this
is that if you have a headless or remote box then applying the update
could easily lock you out of it entirely.

John

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
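
A pre-update check for the lock-out risk raised in this message, as an added example that is not part of the original thread or of the Debian/Ubuntu packages: it reports which `authorized_keys` entries a key blacklist would reject and whether any usable key would remain. The blacklist format (a set of full MD5 hex fingerprints), the function names and the sample keys are assumptions constructed for illustration.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")

def md5_fingerprint(b64_blob):
    """Hex MD5 of the decoded public key blob (classic SSH fingerprint, no colons)."""
    return hashlib.md5(base64.b64decode(b64_blob)).hexdigest()

def parse_authorized_keys(text):
    """Yield (lineno, blob, comment) per key line; leading options are skipped."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Simplification: the first field naming a key type starts the key.
        for i, field in enumerate(fields[:-1]):
            if field in KEY_TYPES:
                yield lineno, fields[i + 1], " ".join(fields[i + 2:])
                break

def audit(text, blacklist):
    """Split entries into (blocked, usable) lists of (lineno, comment, fingerprint)."""
    blocked, usable = [], []
    for lineno, blob, comment in parse_authorized_keys(text):
        try:
            fp = md5_fingerprint(blob)
        except ValueError:  # malformed base64: sshd could not use this line either
            continue
        (blocked if fp in blacklist else usable).append((lineno, comment, fp))
    return blocked, usable

def safe_to_update(text, blacklist):
    """True only if at least one key would still be accepted after the update."""
    blocked, usable = audit(text, blacklist)
    return bool(usable), blocked

# Constructed sample data: these blobs are placeholders, not real SSH keys.
WEAK = base64.b64encode(b"constructed blob standing in for a weak key").decode()
GOOD = base64.b64encode(b"constructed blob standing in for a sound key").decode()
BLACKLIST = {md5_fingerprint(WEAK)}  # assumed format: full MD5 hex fingerprints
SAMPLE = (
    "# constructed authorized_keys\n"
    f"ssh-rsa {WEAK} root@oldbox\n"
    f'from="10.0.0.0/8" ssh-rsa {GOOD} admin@laptop\n'
)

if __name__ == "__main__":
    ok, blocked = safe_to_update(SAMPLE, BLACKLIST)
    for lineno, comment, fp in blocked:
        print(f"line {lineno}: {comment} would be rejected ({fp})")
    print("safe to update" if ok else "install a fresh key first: update would lock you out")
```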
