All SSL and SSH keys generated on Debian-based systems
(Ubuntu, Kubuntu and so on) between September 2006 and May 13, 2008 may
be affected by a bug in the Debian project’s OpenSSL package. This
includes generated public/private SSH keypairs and SSL certificate requests.
“all DSA keys ever used on affected Debian systems for
signing or authentication purposes should be considered compromised;
the Digital Signature Algorithm relies on a secret random value used
during signature generation.”
Non-Debian-based systems can be affected indirectly if weak keys generated on
Debian-based systems were imported into them.
System administrators of Debian, Ubuntu and Kubuntu systems should take
appropriate action now: upgrade your OpenSSL software and recreate
cryptographic materials.
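To decide which material to recreate, the following added example (not part of the advisory or of any Debian tooling) inventories a directory for key files whose modification time falls in the affected window, and for DSA keys of any date. It assumes file mtime approximates generation time and that the window starts on September 1, 2006; the names `classify` and `audit` are hypothetical.

```python
import os
import sys
from datetime import datetime, timezone

# Window from the advisory. It gives only "September 2006" as the start,
# so the first of the month is an assumption; the end covers May 13, 2008.
WINDOW_START = datetime(2006, 9, 1, tzinfo=timezone.utc).timestamp()
WINDOW_END = datetime(2008, 5, 14, tzinfo=timezone.utc).timestamp()  # exclusive

# Recognise key material by content, not file name (PEM keys, certs, CSRs, SSH).
KEY_MARKERS = ("PRIVATE KEY-----", "-----BEGIN CERTIFICATE", "ssh-rsa ", "ssh-dss ")
DSA_MARKERS = ("-----BEGIN DSA PRIVATE KEY-----", "ssh-dss ")


def classify(path):
    """Return 'dsa', 'in-window' or None for a single file."""
    try:
        with open(path, "r", errors="replace") as fh:
            head = fh.read(65536)
        mtime = os.stat(path).st_mtime
    except OSError:
        return None  # unreadable or vanished file: nothing to report
    if not any(marker in head for marker in KEY_MARKERS):
        return None
    # DSA keys are flagged whatever their date: the advisory treats any DSA
    # key ever used on an affected system as compromised.
    if any(marker in head for marker in DSA_MARKERS):
        return "dsa"
    return "in-window" if WINDOW_START <= mtime < WINDOW_END else None


def audit(root):
    """Walk root and return sorted (path, verdict) pairs for flagged files."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, sockets, FIFOs
            verdict = classify(path)
            if verdict:
                findings.append((path, verdict))
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/.ssh")
    for path, verdict in audit(target):
        print(f"{verdict:<10} {path}")
```

An unflagged file is not proof of safety: copying a key can reset its mtime, and a weak key imported onto a non-Debian system carries no trace of where it was generated.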