Debian-news is about one simple thing - news about Debian GNU/Linux and the top free distributions based on Debian GNU/Linux.


Debian's worst nightmare – and how it came about

The Debian GNU/Linux project has just endured what is probably its worst week on the security front in the 15 years of its existence following the disclosure on May 13 of a serious vulnerability in the distribution's OpenSSL package.
Read it here and here


While this was achieved, the removal of the second line also removed all sources of entropy apart from the process ID, which limited the number of unique keys to that given above.

There are a few things to be noted here. The Debian developer in question, Kurt Roeckx, sent a message to the openssl-dev mailing list on May 1, 2006, titled “Random number generator, uninitialised memory and valgrind”, proposing the changes which he wanted to make – the commenting out of the two lines of code. He also mentioned that he had no idea what effect this would have on the random number generator.
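The following is an added example, not code from the original article, OpenSSL or Debian: a toy model of the process-ID-only seeding described above, showing why every key such a generator can produce is enumerable and how a defender audits existing keys against that list. `toy_keygen`, `PID_MAX` (the Linux default PID limit of 32768, assumed here because the figure is not on this page) and the sample host names are hypothetical.

```python
import hashlib
import os

PID_MAX = 32768  # assumption: Linux default pid_max; the page does not give the figure


def toy_keygen(pid, extra_entropy=b""):
    """Stand-in for key generation: derive 16 key bytes from the seed material.

    This is NOT OpenSSL's generator, only a deterministic model of one.
    """
    seed = pid.to_bytes(4, "big") + extra_entropy
    return hashlib.sha256(b"toy-prng" + seed).digest()[:16]


def fingerprint(key):
    """Short identifier of a key, as an audit tool would store it."""
    return hashlib.sha256(key).hexdigest()[:20]


def build_blocklist(pid_max=PID_MAX):
    """Enumerate every key the PID-only generator can ever produce."""
    return {fingerprint(toy_keygen(pid)) for pid in range(1, pid_max)}


def is_weak(key, blocklist):
    """Defender's check: was this key produced by the PID-only generator?"""
    return fingerprint(key) in blocklist


def audit(keys, blocklist):
    """Return the names of the keys that must be regenerated."""
    return sorted(name for name, key in keys.items() if is_weak(key, blocklist))


if __name__ == "__main__":
    blocklist = build_blocklist()
    # Constructed sample keys: two from the broken generator, one properly seeded.
    keys = {
        "host-a": toy_keygen(4242),
        "host-b": toy_keygen(31999),
        "host-c": toy_keygen(4242, extra_entropy=os.urandom(32)),
    }
    print(len(blocklist), "possible keys in total")
    print("regenerate:", audit(keys, blocklist))
```

With the PID as the only varying input, the whole keyspace fits in a small lookup set, so any key generated on an affected system can be identified and must be replaced.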



Debian-News is not related to the Debian Project.
All logos and trademarks on this site are property of their respective owners.