Kapil Hari Paranjape wrote:
Hello,
I am posting this here as it should receive wide exposure.
http://lists.debian.org/debian-security-announce/2008/msg00152.html
The bottom line(s):
1. If you run a Debian or derivative (yes, Ubuntu!) version
that is based on etch or later,
and
2a. If you generated an SSH/SSL key on this system
or
2b. You created a signature using a openssl DSA key on this
system
Then it is likely that your key is weak/compromised. Please change
it after installing a more recent "openssl"
For Ubuntu Users, here is something to follow and be safe -
http://ubuntu-tutorials.com/2008/05/13/openssh-openssh-vulnerabilities-confirm-fix-instructions/
It is suggested to update your system with the fix available in the
repos and regenerate both your user and server SSH keys. It's a PITA
updating the places where you have added your keys to authorized_keys ,
but it's for your own safety :)
H.T.H
--
---
With Regards,
Parthan "technofreak"
<gpg> 2FF01026
<blog> http://blog.technofreak.in
_______________________________________________
To unsubscribe, email [EMAIL PROTECTED] with
"unsubscribe <password> <address>"
in the subject or body of the message.
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
