openssl

Rebuild mail-notification to support SSL under Ubuntu/Debian

admin — Mon, 08 Sep 2008 13:06:30 -0500

Because of a four-year-old disagreement on the legal interpretation of the GPL and OpenSSL licenses, Debian is shipping a neutered and useless version of mail-notification without SSL support.

Does Debian's OpenSSL flaw call Linux security into question?

admin — Thu, 04 Sep 2008 22:37:17 -0500

In May of 2008, researchers found a flaw in the Debian GNU/Linux operating system's random number generator, making any OpenSSL keys generated during the past 20 months so predictable that they could be ...

Open-Source Security Idiots

admin — Thu, 28 Aug 2008 11:39:25 -0500

Sometimes, people do such stupid things that words almost fail me. That’s the case with a Debian ‘improvement’ to OpenSSL that rendered this network security program next to useless in Debian, Ubuntu and other related Linux distributions.

Debian needs some serious commit review

admin — Fri, 11 Jul 2008 20:11:38 -0500

You’ve probably heard by now about the gaping hole in keys generated by Debian’s OpenSSL. If not, the summary is that your SSH keys and SSL certs were selected from a fixed pool of 215 (32,767) possibilities, and are thus easy to brute-force over the network. If you have any keys generated on a Debian system, you need to immediately replace them or

Distribution Release: PelicanHPC 1.5.1

admin — Tue, 20 May 2008 11:20:38 -0500

Michael Creel has announced the release of PelicanHPC 1.5.1 (formerly PrallelKnoppix), a Debian-based live CD designed to make it simple to set up a high-performance computing cluster. This updates fixes the recent "predictable randomness" vulnerability in Debian's build of OpenSSL and all users are strongly encouraged to upgrade.....

Massive flaw in Debian Linux's Open SSL. Affects thousands.

admin — Fri, 16 May 2008 14:17:57 -0500

This is just a little more than a "oops" flaw. This is a huge mistake that WILL affect you Ubuntu users as well!"Moore documents the cause of the bug and explains how easily attackers can create every possible key the flawed OpenSSL implementation can generate."

Weakness in OpenSSL on Debian and Ubuntu Discovered

admin — Wed, 14 May 2008 23:05:02 -0500

If you are using Debian or any other distro that's based on it (such as Ubuntu), you are advised to update, because a weakness was discovered in the random number generator used by OpenSSL. To fix the problem, you will have to update the OpenSSL packages and regenerate any private keys made on Debian (Etch or newer) or Ubuntu 7.04 and higher.

debian infrastructure ssh key logins disabled, passwords reset

admin — Tue, 13 May 2008 14:45:19 -0500

Due to the weakness in our openssl's random number generator (see the
Debian Security Advisory #1571 from a few minutes ago) that affects
among other things ssh keys we have disabled public key auth on all
project systems until further notice.