Debian OpenSSL Vulnerability
Monty Solomon  
Newsgroups: comp.dcom.telecom
From: Monty Solomon <mo...@roscom.com>
Date: Fri, 16 May 2008 10:31:33 -0400 (EDT)
Local: Fri, May 16 2008 10:31 am
Subject: Debian OpenSSL Vulnerability

***** Moderator's Note *****

Although the attached warning is not, strictly speaking, telecom
related, I'm allowing it because Debian GNU/Linux is the operating
system that runs a lot of the Asterisk PBX software, and is used in a
lot of other "infrastructure" machines that provide email or other
essential corporate functions. The more people who know, the better.

Bill Horne
Temporary Moderator

*************************

Debian Security Advisory

DSA-1571-1 openssl -- predictable random number generator

Date Reported:
     13 May 2008

Affected Packages:
     openssl

Vulnerable:
     Yes

Security database references:
     In Mitre's CVE dictionary: CVE-2008-0166.

More information:

     Luciano Bello discovered that the random number generator in
Debian's openssl package is predictable. This is caused by an
incorrect Debian-specific change to the openssl package
(CVE-2008-0166). As a result, cryptographic key material may be
guessable.

     This is a Debian-specific vulnerability which does not affect
other operating systems which are not based on Debian. However, other
systems can be indirectly affected if weak keys are imported into
them.

     It is strongly recommended that all cryptographic key material
which has been generated by OpenSSL versions starting with 0.9.8c-1
on Debian systems is recreated from scratch. Furthermore, all DSA
keys ever used on affected Debian systems for signing or
authentication purposes should be considered compromised; the Digital
Signature Algorithm relies on a secret random value used during
signature generation.

...

http://www.debian.org/security/2008/dsa-1571

