There is a huge debian/ubuntu (and distros based on them) security issue through a screw-up by debian in removing random number generation from the generation of keys in libssl (part of openssl) a couple of years ago.
The reports for ubuntu are here:

https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-May/000705.html
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-May/000706.html

Oh and openvpn is affected too, although that isn't used by me:

https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-May/000707.html

Anyway I am trying to update a system remotely (over ssh of course, how ironic). The openssh-client and -server updates don't seem to get applied:

[EMAIL PROTECTED]:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  openssh-client openssh-server
0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.

Any idea why not? aptitude does much the same. This is on hardy, with no changes to the default sources.list.
