update from mdz

author: Colin Watson <cjwatson@debian.org> 2008-05-13 11:32:12 +0000
committer: Colin Watson <cjwatson@debian.org> 2008-05-13 11:32:12 +0000
commit: f2a7626a59e3df619d04082c7c7942492e886c03 (patch)
tree: 2af6856a9968fcecf2402235901400f943a597f0 /debian
parent: b0e132564027c228a89ee5bcd39b28bb78430d00 (diff)
1 files changed, 10 insertions, 4 deletions
diff --git a/debian/README.compromised-keys b/debian/README.compromised-keys
index c3e6cbbf2..048aadd04 100644
--- a/debian/README.compromised-keys
+++ b/debian/README.compromised-keys
@@ -5,9 +5,14 @@ Matt Zimmerman, assisted by Colin Watson.
 A weakness has been discovered in the random number generator used by OpenSSL
 on Debian and Ubuntu systems.  As a result of this weakness, certain encryption
-keys are generated much more frequently than they should be, such that an
+keys are much more common than they should be, such that an attacker could
-attacker could guess the key through a brute-force attack given minimal
+guess the key through a brute-force attack given minimal knowledge of the
-knowledge of the system.
+system.  This particularly affects the use of encryption keys in OpenSSH,
+OpenVPN and SSL certificates.
+This vulnerability only affects operating systems which (like Ubuntu) are based
+on Debian.  However, other systems can be indirectly affected if weak keys are
+imported into them.
 We consider this an extremely serious vulnerability, and urge all users to act
 immediately to secure their systems.
@@ -97,7 +102,8 @@ OpenSSH:
     ssh-vulnkey /path/to/key
   If ssh-vulnkey says "No blacklist file", then it has no information
-   about whether that key is affected.
+   about whether that key is affected.  If in doubt, destroy the key and
+   generate a new one.
 4. Regenerate any affected user keys
author	Colin Watson <cjwatson@debian.org>	2008-05-13 11:32:12 +0000
committer	Colin Watson <cjwatson@debian.org>	2008-05-13 11:32:12 +0000
commit	f2a7626a59e3df619d04082c7c7942492e886c03 (patch)
tree	2af6856a9968fcecf2402235901400f943a597f0 /debian
parent	b0e132564027c228a89ee5bcd39b28bb78430d00 (diff)

diff --git a/debian/README.compromised-keys b/debian/README.compromised-keys index c3e6cbbf2..048aadd04 100644 --- a/debian/README.compromised-keys +++ b/debian/README.compromised-keys
@@ -5,9 +5,14 @@ Matt Zimmerman, assisted by Colin Watson.
5		5
6	A weakness has been discovered in the random number generator used by OpenSSL	6	A weakness has been discovered in the random number generator used by OpenSSL
7	on Debian and Ubuntu systems. As a result of this weakness, certain encryption	7	on Debian and Ubuntu systems. As a result of this weakness, certain encryption
8	keys are generated much more frequently than they should be, such that an	8	keys are much more common than they should be, such that an attacker could
9	attacker could guess the key through a brute-force attack given minimal	9	guess the key through a brute-force attack given minimal knowledge of the
10	knowledge of the system.	10	system. This particularly affects the use of encryption keys in OpenSSH,
		11	OpenVPN and SSL certificates.
		12
		13	This vulnerability only affects operating systems which (like Ubuntu) are based
		14	on Debian. However, other systems can be indirectly affected if weak keys are
		15	imported into them.
11		16
12	We consider this an extremely serious vulnerability, and urge all users to act	17	We consider this an extremely serious vulnerability, and urge all users to act
13	immediately to secure their systems.	18	immediately to secure their systems.
@@ -97,7 +102,8 @@ OpenSSH:
97	ssh-vulnkey /path/to/key	102	ssh-vulnkey /path/to/key
98		103
99	If ssh-vulnkey says "No blacklist file", then it has no information	104	If ssh-vulnkey says "No blacklist file", then it has no information
100	about whether that key is affected.	105	about whether that key is affected. If in doubt, destroy the key and
		106	generate a new one.
101		107
102	4. Regenerate any affected user keys	108	4. Regenerate any affected user keys
103		109