author Colin Watson <cjwatson@debian.org> 2008-05-13 11:32:12 +0000
committer Colin Watson <cjwatson@debian.org> 2008-05-13 11:32:12 +0000
commit f2a7626a59e3df619d04082c7c7942492e886c03
tree 2af6856a9968fcecf2402235901400f943a597f0
parent b0e132564027c228a89ee5bcd39b28bb78430d00
update from mdz
-rw-r--r-- debian/README.compromised-keys 14
1 files changed, 10 insertions, 4 deletions
diff --git a/debian/README.compromised-keys b/debian/README.compromised-keys
index c3e6cbbf2..048aadd04 100644
--- a/debian/README.compromised-keys
+++ b/debian/README.compromised-keys
@@ -5,9 +5,14 @@ Matt Zimmerman, assisted by Colin Watson.
5 5
6A weakness has been discovered in the random number generator used by OpenSSL 6A weakness has been discovered in the random number generator used by OpenSSL
7on Debian and Ubuntu systems. As a result of this weakness, certain encryption 7on Debian and Ubuntu systems. As a result of this weakness, certain encryption
8keys are generated much more frequently than they should be, such that an 8keys are much more common than they should be, such that an attacker could
9attacker could guess the key through a brute-force attack given minimal 9guess the key through a brute-force attack given minimal knowledge of the
10knowledge of the system. 10system. This particularly affects the use of encryption keys in OpenSSH,
11OpenVPN and SSL certificates.
12
13This vulnerability only affects operating systems which (like Ubuntu) are based
14on Debian. However, other systems can be indirectly affected if weak keys are
15imported into them.
11 16
12We consider this an extremely serious vulnerability, and urge all users to act 17We consider this an extremely serious vulnerability, and urge all users to act
13immediately to secure their systems. 18immediately to secure their systems.
@@ -97,7 +102,8 @@ OpenSSH:
97 ssh-vulnkey /path/to/key 102 ssh-vulnkey /path/to/key
98 103
99 If ssh-vulnkey says "No blacklist file", then it has no information 104 If ssh-vulnkey says "No blacklist file", then it has no information
100 about whether that key is affected. 105 about whether that key is affected. If in doubt, destroy the key and
106 generate a new one.
101 107
1024. Regenerate any affected user keys 1084. Regenerate any affected user keys
103 109
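Review bot: The sentence added at lines 105-106, "If in doubt, destroy the key and generate a new one", covers only the local key file. Given that the introduction now states that other systems are affected when weak keys are imported into them, destroying the private key leaves the old public key trusted wherever it was installed. Unless step 4 already covers this, suggest extending the sentence to say that the old public key must also be removed from every system that accepts it. It would also help to say here how a user in the "No blacklist file" case can obtain a blacklist, so that regenerating the key is not the only available answer.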