Remote hole affects Debian, Ubuntu
by Sam Varghese   
Wednesday, 14 May 2008
The Debian GNU/Linux project has announced details of a security problem in the OpenSSL package distributed by the project. It can be exploited remotely.


In a message to the Debian security mailing list, senior developer Florian Weimer said it had been discovered that the random number generator in the package was predictable.

OpenSSL is an open source implementation of the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols and a full-strength general purpose cryptography library.

Weimer said this was caused by an incorrect Debian-specific change in the package and as a result cryptographic key material could be guessed.

He said this was a Debian-specific vulnerability which would not affect systems not based on Debian. Systems based on Debian, such as Ubuntu, are affected. Other systems could be affected if weak keys were imported.

He recommended that all cryptographic key material generated by OpenSSL versions starting with version 0.9.8c-1 on Debian systems be recreated.

While the version of OpenSSL which had the vulnerability was present in the current stable (Etch), testing and unstable versions of Debian, he said the previous stable version, Sarge, was not affected.

Weimer said affected keys included "SSH keys, OpenVPN keys, DNSSEC keys and key material for use in X.509 certificates and session keys used in SSL/TLS connections. Keys generated with GnuPG or GNUTLS are not affected, though."

The project has published a detector for known weak key material and instructions for implementing key rollover for various packages.
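
A sketch of the kind of check a weak-key detector performs, added here as an illustration and not the Debian project's published tool: it fingerprints each key in an authorized_keys file and looks the fingerprint up in a blocklist of known weak keys. The SHA-256 blocklist format, the function names and the sample keys are assumptions constructed for this example.

```python
import base64
import binascii
import hashlib
import struct

def fingerprint(blob):
    """Hex SHA-256 of the raw public-key blob (assumed blocklist format)."""
    return hashlib.sha256(blob).hexdigest()

def key_blobs(text):
    """Yield (line_no, blob) for each valid key line in authorized_keys text."""
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type, so try every adjacent field pair.
        for key_type, b64 in zip(fields, fields[1:]):
            try:
                blob = base64.b64decode(b64, validate=True)
            except (binascii.Error, ValueError):
                continue
            # A real blob starts with its own length-prefixed key type.
            header = struct.pack(">I", len(key_type)) + key_type.encode()
            if blob.startswith(header):
                yield line_no, blob
                break

def find_weak(text, blocklist):
    """Return [(line_no, fingerprint)] for keys whose fingerprint is listed."""
    hits = [(n, fingerprint(b)) for n, b in key_blobs(text)]
    return [(n, fp) for n, fp in hits if fp in blocklist]

def _constructed_blob(body):
    """Build a stand-in blob with SSH framing; the body is not a real key."""
    return struct.pack(">I", 7) + b"ssh-rsa" + body

# Constructed sample data: two stand-in keys, one of them on the blocklist.
WEAK = _constructed_blob(b"constructed-weak-body")
OTHER = _constructed_blob(b"constructed-other-body")
BLOCKLIST = {fingerprint(WEAK)}
SAMPLE = "\n".join([
    "# constructed authorized_keys sample",
    'command="echo hi there" ssh-rsa %s alice@example' % base64.b64encode(WEAK).decode(),
    "ssh-rsa %s bob@example" % base64.b64encode(OTHER).decode(),
    "ssh-rsa not*base64 carol@example",
])
```

Calling find_weak(SAMPLE, BLOCKLIST) reports line 2 only; the malformed entry on line 4 is skipped rather than treated as a match.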