[Ilugc] Debian Security Announcement
Parthan SR
parth.technofreak at gmail.com
Wed May 14 08:56:23 IST 2008
Kapil Hari Paranjape wrote:
> Hello,
>
> I am posting this here as it should receive wide exposure.
>
> http://lists.debian.org/debian-security-announce/2008/msg00152.html
>
> The bottom line(s):
> 1. If you run a Debian or derivative (yes, Ubuntu!) version
> that is based on etch or later,
> and
> 2a. If you generated an SSH/SSL key on this system
> or
> 2b. You created a signature using a openssl DSA key on this
> system
>
> Then it is likely that your key is weak/compromised. Please change
> it after installing a more recent "openssl"
For Ubuntu Users, here is something to follow and be safe -
http://ubuntu-tutorials.com/2008/05/13/openssh-openssh-vulnerabilities-confirm-fix-instructions/
It is suggested to update your system with the fix available in the
repos and regenerate both your user and server SSH keys. It's a PITA
updating the places where you have added your keys to authorized_keys ,
but it's for your own safety :)
H.T.H
--
---
With Regards,
Parthan "technofreak"
<gpg> 2FF01026
<blog> http://blog.technofreak.in
More information about the ilugc
mailing list