IRIS

Instructional & Research Information Systems

EECS


Debian OpenSSL vulnerabilities

May 16, 2008 by Mark Kraitchman

All SSL and SSH keys generated on Debian-based systems
(Ubuntu, Kubuntu and so on) between September 2006 and May 13, 2008 may
be affected by a bug in the Debian project’s OpenSSL package. This
includes generated public/private SSH keypairs and SSL certificate requests.

http://www.debian.org/security/2008/dsa-1571
also states:
“all DSA keys ever used on affected Debian systems for
signing or authentication purposes should be considered compromised;
the Digital Signature Algorithm relies on a secret random value used
during signature generation.”

Non-Debian-based systems can be indirectly affected if weak keys from
Debian-based systems were imported into them.

System administrators of Debian, Ubuntu and Kubuntu systems should take
appropriate action now: upgrade your OpenSSL software.
Cryptographic materials should be recreated.
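
An added example (not from the original advisory or the Debian project): a Python audit of `authorized_keys` content that flags DSA keys, which the advisory quoted above treats as compromised if ever used on an affected system, and any key whose MD5 fingerprint is on a weak-key list you supply. The sample keys, user and host names, and the `WEAK` set are constructed; a real list of weak fingerprints has to come from your vendor.

```python
import base64
import hashlib
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

def parse_line(line):
    """Return (key_type, blob, comment) for a key line, else None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    # Options such as no-pty,command="..." may precede the key type.
    for i, tok in enumerate(fields[:-1]):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        # A genuine blob repeats the type name as a length-prefixed string.
        name = tok.encode()
        header = len(name).to_bytes(4, "big") + name
        if tok.startswith(KEY_TYPES) and blob.startswith(header):
            return tok, blob, " ".join(fields[i + 2:])
    return None

def md5_fingerprint(blob):
    """Legacy colon-separated MD5 fingerprint of a public key blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def audit(text, weak_fingerprints):
    """Return (comment, key_type, fingerprint, reason) for keys needing action."""
    findings = []
    for key_type, blob, comment in filter(None, map(parse_line, text.splitlines())):
        fp = md5_fingerprint(blob)
        if fp in weak_fingerprints:
            findings.append((comment, key_type, fp, "on weak-key list: replace"))
        elif key_type == "ssh-dss":
            findings.append((comment, key_type, fp, "DSA key: check use on affected hosts"))
    return findings

def sample_key(key_type, filler):
    # Constructed sample data: a non-functional blob with a valid type header.
    name = key_type.encode()
    return base64.b64encode(len(name).to_bytes(4, "big") + name + filler).decode()

SAMPLE = "\n".join([  # constructed authorized_keys content
    "ssh-rsa " + sample_key("ssh-rsa", b"A" * 32) + " alice@laptop",
    'no-pty,command="/bin/true" ssh-dss ' + sample_key("ssh-dss", b"B" * 32) + " backup@host1",
    "ssh-rsa " + sample_key("ssh-rsa", b"C" * 32) + " imported@host2",
])
WEAK = {md5_fingerprint(base64.b64decode(sample_key("ssh-rsa", b"C" * 32)))}  # constructed
```

Calling `audit(SAMPLE, WEAK)` reports the DSA key and the listed RSA key and leaves the first RSA key alone. The same check applies to keys copied onto non-Debian hosts, since the weakness travels with the key.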

References:
http://www.debian.org/security/2008/dsa-1571
http://lists.debian.org/debian-security-announce/2008/msg00152.html
http://metasploit.com/users/hdm/tools/debian-openssl
http://lists.centos.org/pipermail/centos-announce/2008-May/014902.html
http://www.ubuntu.com/usn/usn-612-1
http://www.us-cert.gov/cas/techalerts/TA08-137A.html
