diff options
Diffstat (limited to 'debian/patches/ssh-vulnkey.patch')
| -rw-r--r-- | debian/patches/ssh-vulnkey.patch | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/debian/patches/ssh-vulnkey.patch b/debian/patches/ssh-vulnkey.patch index 3e4e96493..b33315677 100644 --- a/debian/patches/ssh-vulnkey.patch +++ b/debian/patches/ssh-vulnkey.patch | |||
| @@ -1,3 +1,15 @@ | |||
| 1 | Description: Reject vulnerable keys to mitigate Debian OpenSSL flaw | ||
| 2 | In 2008, Debian (and derived distributions such as Ubuntu) shipped an | ||
| 3 | OpenSSL package with a flawed random number generator, causing OpenSSH to | ||
| 4 | generate only a very limited set of keys which were subject to private half | ||
| 5 | precomputation. To mitigate this, this patch checks key authentications | ||
| 6 | against a blacklist of known-vulnerable keys, and adds a new ssh-vulnkey | ||
| 7 | program which can be used to explicitly check keys against that blacklist. | ||
| 8 | See CVE-2008-0166. | ||
| 9 | Author: Colin Watson <cjwatson@ubuntu.com> | ||
| 10 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1469 | ||
| 11 | Last-Update: 2010-02-27 | ||
| 12 | |||
| 1 | Index: b/Makefile.in | 13 | Index: b/Makefile.in |
| 2 | =================================================================== | 14 | =================================================================== |
| 3 | --- a/Makefile.in | 15 | --- a/Makefile.in |