On Mon, May 12, 2008 at 05:31:32PM -0600, dann frazier wrote:
On Mon, May 12, 2008 at 11:52:27PM +0100, Dominic Hargreaves wrote:
Is there any reason this has been labelled as a DoS rather than a
potential arbitrary code execution issue (which
On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
A detector for known weak key material will be published at:
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
(OpenPGP signature)
On stable I get
On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
It is strongly recommended that all cryptographic key material which has
been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
systems is recreated from scratch.
Does openssh store the generation date in the SSH
On 13/05/2008, Stephane Bortzmeyer wrote:
By the way, the page
http://www.debian.org/security/cve-compatibility has a link
http://security-tracker.debian.org/, labeled The Debian Security
Tracker has the canonical list of CVE names, corresponding Debian
packages, and this link is broken:
* Dominic Hargreaves:
On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
(OpenPGP signature)
This URL 404s (but the tool URL doesn't... possibly encouraging bad
practice in running unverified code)
Yeah,
* Marcin Owsiany:
On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
It is strongly recommended that all cryptographic key material which has
been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
systems is recreated from scratch.
Does openssh store the generation
very bad news
On Tue, 13 May 2008 14:06:39 +0200, Florian Weimer [EMAIL PROTECTED]
wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1571-1 [EMAIL PROTECTED]
* Stephen Gran wrote:
I also do some rummaging around to figure out what the meta package is
currently depending on, so that I know what version Debian currently
considers newest, then compare that to /proc/version. That only works
for etch and newer kernel images, though, so I think I'll
On Tuesday 13 of May 2008, Dominic Hargreaves wrote:
On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
(OpenPGP signature)
This URL 404s (but the tool URL doesn't... possibly encouraging bad
practice in
On Tuesday, 13.05.2008, at 16:02 +0200, Daniel Leidert wrote:
On Tuesday, 13.05.2008, at 15:27 +0200, Philipp Kern wrote:
On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
A detector for known weak key material will be published at:
On Tue, May 13, 2008 at 03:44:24PM +0200,
Cyril Brulebois [EMAIL PROTECTED] wrote
a message of 31 lines which said:
By the way, the page
http://www.debian.org/security/cve-compatibility has a link
http://security-tracker.debian.org/, labeled The Debian Security
Tracker has the
On Tue, May 13, 2008 at 04:17:03PM +0200, Florian Weimer wrote:
The $db-close call is wrong, you can just remove it, or download the
new version (where this should be fixed).
Works now, thanks.
Kind regards,
Philipp Kern
--
.''`. Philipp Kern Debian Developer
:
* Florian Weimer [EMAIL PROTECTED] [2008-05-13 14:06 +0200]:
Luciano Bello discovered that the random number generator in Debian's
openssl package is predictable. This is caused by an incorrect
Debian-specific change to the openssl package (CVE-2008-0166). As a
result, cryptographic key
* Nicolas Rachinsky:
The diffs
http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/rand/md_rand.c?rev=141&view=diff&r1=141&r2=140&p1=openssl/trunk/rand/md_rand.c&p2=/openssl/trunk/rand/md_rand.c
and
On Tuesday, 13.05.2008, at 15:27 +0200, Philipp Kern wrote:
On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
A detector for known weak key material will be published at:
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
On Tuesday, 13.05.2008, at 15:51 +0200, Stephane Bortzmeyer wrote:
On Tue, May 13, 2008 at 03:44:24PM +0200,
packages, and this link is broken: there is no
security-tracker.debian.org.
Just in case you don't know about it yet, try .net.
Nice and useful but the Web page should be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Florian Weimer said:
The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
distribution on 2006-09-17, and has since propagated to the testing and
current stable (etch) distributions. The old stable distribution
(sarge) is not
Hello,
On Tuesday, 13 May 2008, [EMAIL PROTECTED] wrote:
[] openssl - predictable random number generator
very bad news
indeed - since I have to chip certificates for multiple OpenVPN networks :(
(This time, I'll do it on OpenBSD ;)
However, I'm curious: how could this happen? (Although
OoO On this cloudy early afternoon of Tuesday 13 May 2008, around 14:06,
Florian Weimer [EMAIL PROTECTED] said:
Package: openssl
Vulnerability : predictable random number generator
Some other random questions:
- It seems that firefox does not handle CRL unless manually imported,
On Tue, May 13, 2008 at 07:38:27PM +, Sam Morris wrote:
On Tue, 13 May 2008 21:29:53 +0200, Vincent Bernat wrote:
- It seems that firefox does not handle CRL unless manually imported,
correct? This means that in most cases already issued certificates
are still vulnerable
Hello,
On Tuesday, 13 May 2008, Vincent Bernat wrote:
OoO On this cloudy early afternoon of Tuesday 13 May 2008, around 14:06,
Florian Weimer [EMAIL PROTECTED] said:
Package: openssl
Vulnerability : predictable random number generator
Some other random questions:
- It
On Tue, May 13, 2008 at 3:52 PM, Jan Luehr [EMAIL PROTECTED] wrote:
For the last question, I see several solutions:
- the user has to read the DSA and handle it himself
Since some keys are generated automatically, (e.g. ssh host keys) users will
have to regenerate keys, they haven't
OoO On this well-advanced evening of Tuesday 13 May 2008, around 22:21, John
Keimel [EMAIL PROTECTED] said:
Since some keys are generated automatically, (e.g. ssh host keys) users will
have to regenerate keys, they haven't generated in the first place and might
not be aware of their existence.
Jan Luehr wrote:
Hello,
On Tuesday, 13 May 2008, Corey Hickey wrote:
Jan Luehr wrote:
Hello,
On Tuesday, 13 May 2008, Vincent Bernat wrote:
OoO On this cloudy early afternoon of Tuesday 13 May 2008, around 14:06,
Florian Weimer [EMAIL PROTECTED] said:
Package: openssl
On Tue, May 13, 2008 at 4:31 PM, Vincent Bernat [EMAIL PROTECTED] wrote:
OoO On this well-advanced evening of Tuesday 13 May 2008, around 22:21, John
Keimel [EMAIL PROTECTED] said:
Since some keys are generated automatically, (e.g. ssh host keys) users
will
have to regenerate keys, they
Hello,
On Tuesday, 13 May 2008, Corey Hickey wrote:
Jan Luehr wrote:
Hello,
On Tuesday, 13 May 2008, Vincent Bernat wrote:
OoO On this cloudy early afternoon of Tuesday 13 May 2008, around 14:06,
Florian Weimer [EMAIL PROTECTED] said:
Package: openssl
Jan Luehr wrote:
Hello,
On Tuesday, 13 May 2008, Vincent Bernat wrote:
OoO On this cloudy early afternoon of Tuesday 13 May 2008, around 14:06,
Florian Weimer [EMAIL PROTECTED] said:
Package: openssl
Vulnerability : predictable random number generator
Some other random
OoO On this well-advanced evening of Tuesday 13 May 2008, around 22:38, John
Keimel [EMAIL PROTECTED] said:
Restarting OpenSSH does not close existing connections.
Yes, that's correct. I agree.
But the instructions I saw were for 'shutting down the SSHD server' -
not just 'restarting it'.
Hello,
On Tuesday, 13 May 2008, John Keimel wrote:
On Tue, May 13, 2008 at 4:31 PM, Vincent Bernat [EMAIL PROTECTED] wrote:
OoO On this well-advanced evening of Tuesday 13 May 2008, around 22:21, John
Keimel [EMAIL PROTECTED] said:
Since some keys are generated automatically, (e.g.
On Tue, May 13, 2008 at 10:53:25PM +0200, Jan Luehr wrote:
rm /etc/ssh/ssh_host_*
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
/etc/init.d/ssh restart
- job done.
Keep smiling
yanosz
Shorter one:
rm /etc/ssh/ssh_host_*
On May 13, 2008, at 2:35 PM, dererk wrote:
On Tue, May 13, 2008 at 10:53:25PM +0200, Jan Luehr wrote:
rm /etc/ssh/ssh_host_*
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
/etc/init.d/ssh restart
- job done.
Keep smiling
yanosz
Jan Luehr wrote:
However, I'm curious: [how] could this happen?
This is the best explanation I've seen so far :
http://it.slashdot.org/comments.pl?sid=551636&cid=23392602
I have no idea if it's correct, but it sounds very plausible.
If there was any mistake it may have been to try too hard