1. Have you installed the new JSF Mobile app? Check out all the details here.
    Dismiss Notice
  2. One account & one avatar for all of JSF. Unified login and profile. Forum alerts on the main site, and more. Check out the details here: Forum & main site unified account feature is live!
    Dismiss Notice

Debian OpenSSL vulnerability

Discussion in 'Technical' started by quaker, May 15, 2008.

  1. quaker

    quaker Well-Known Member

    Joined:
    Mar 28, 2004
    Messages:
    98
    Likes Received:
    0
    Hi John,

    I wanted to give you a heads up on a recent Debian OpenSSL vulnerability since you're using Debian on the new servers. The bug is relatively recent, so I'm not sure if your installation is already patched or not.

    Basically, all OpenSSL keys generated on a Debian-based system for the last two years are predictably random and thus vulnerable to attack. The site I linked has info on blacklisted keys and patches for the problem.

    Hopefully you aren't affected, but if so it should be relatively painless to fix.
     
  2. John Stone

    John Stone Every day is Leg Day
    Staff Member Owner

    Joined:
    Jan 20, 2004
    Messages:
    20,867
    Likes Received:
    75
    Oh, yeah, that was patched before the servers were even launched. That sort of thing is part of my regular job, so I'm on all kinds of security mailing lists. :)
     

Share This Page