[Uaflug] Debian SSH Advisory...
roger
roger at eskimo.com
Tue May 13 14:54:06 AKDT 2008
Should of got Gentoo? ;-)
Nothing posted within (Gentoo) GLSA's yet.
http://www.gentoo.org/security/en/index.xml
On Tue, 2008-05-13 at 14:29 -0800, Orion Sky Lawlor wrote:
> Debian screwed up the openSSH key generation algorithm in 2007,
> so SSH keys generated with Ubuntu 7.04, 7.10, and 8.04 are weak,
> coming from a small set of known "blacklisted" keys that are fairly
> easy to bruteforce.
>
> They realized the bug 2008-05-13:
> http://article.gmane.org/gmane.linux.debian.security.announce/1614
> http://www.ubuntu.com/usn/usn-612-2
>
> Debian/Ubuntu users, upgrade your packages! The new package
> "ssh-vulnkey" will look for weak "blacklisted" keys on your machine.
> I'm a big Ubuntu fan, and I found a few bad keys on my machines!
--
Roger
http://www.eskimo.com/~roger/index.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://linux0.cs.uaf.edu/pipermail/uaflug/attachments/20080513/8c54f18e/attachment.pgp
More information about the uaflug
mailing list