• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Debian/Ubuntu ssh weakness found

 
Pat Farrell
Rancher
Posts: 4660
5
Linux Mac OS X VI Editor
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is a security patch out today for Debian, ubuntu, and all other distros based on debian.

http://www.ubuntu.com/usn/usn-612-2

In short someone 'fixed' the random number generator in the key generation code in the debian version, and did not send the patch up to the openSSL folks. The patch was bad.

This is an example of why crypto is serious, it can look fine and be used for years.
 
Ulf Dittmer
Rancher
Pie
Posts: 42966
73
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Somewhat related to the topic of open source security, a couple of links that may be of wider interest:
  • oCERT.org - advisories about open source vulnerabilities
  • Discussion on Is Open Source Good for Security?
  •  
    I agree. Here's the link: http://aspose.com/file-tools
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic