On Wed, May 14, 2008 at 12:00 PM, Sean Dague <[EMAIL PROTECTED]> wrote: > Yesterday Debian issued a security advisory regarding their ssh package. > The key generator for openssl keys (affecting ssh, vpns, and certs) has > been non random since 2006 (more details here: > http://it.slashdot.org/it/08/05/13/1533212.shtml) > > If you are running any Ubuntu or Debian systems, make sure you upgrade > packages (the fixes hit the package repositories yesterday afternoon) > otherwise ssh is pretty much just telnet. Ubuntu will regenerate your > host keys for you, and give you other appropriate warnings, things are > more manual on the Debian front (I experienced it first hand on both > systems yesterday.) > > -Sean
I did an update in aptitude and saw the following output: The following packages have been kept back: libxcompshad nxagent nxlibs nxproxy openssh-client openssh-server ssl-cert The following packages will be upgraded: ssh-askpass-gnome I'm not sure why openssh-server is being held back, so my questions are: 1. Is this an effected package, or does upgrading ssh-askpass-gnome take care of this issue? 2. How do I determine why a package is being held back? 3. Is there a way to force the update? -- John D. Mort http://john.mort.net _______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Jun 4 - Sqeak! and eToys Jul 2 - KVM (Tenative) Aug 6 - Zenos Sep 3 - TBD
