Debian-news is about one simple thing - news about Debian GNU/Linux and the top free distributions based on Debian GNU/Linux.


 

Find and fix weak OpenSSL/OpenSSH keys: Debian-based Linux vulnerability

The Debian team has provided a tool that can be used to determine if any such weak keys exist on the system, and it can be run by anyone, regardless of whether they use Debian or not.
Read it here

Quote:

A recent vulnerability was found in the OpenSSL package as provided by Debian and Debian-based Linux distributions, such as Ubuntu, that broke the effectiveness of the OpenSSL PRNG (Predictable Random Number Generator). This vulnerability caused OpenSSL to generate weak keys for anything relying on OpenSSL, including SSL certificates, OpenSSH keys, and OpenVPN keys. Any OpenSSL-based key generated on a Debian-based system since September 2006 by the openssl, ssh-keygen, or openvpn –keygen commands are vulnerable to this issue.

No Response to “Find and fix weak OpenSSL/OpenSSH keys: Debian-based Linux vulnerability” »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Debian-News is not related to the Debian Project.
All logos and trademarks on this site are property of their respective owners.