Am 13. Mai, 2008 schwätzte Alex Dean so:
I've got a personal server and a laptop running Ubuntu Hardy. I've run full
system updates including libssl, openssl, etc.
Crypto isn't really my thing, so I'm not sure all the places where this issue
might have affected me. After the update, I regenerated my host keys for
openssh, the certificate used for courier-imap-ssl, and the self-signed cert
I use for the web server.
What other steps might I need to take? Are the things I've done so far
sensible, or were they unnecessary?
Sensible if the certs were generated in the last couple of years.
I think certs/keys older than 2006 should be safe.
If you have client sessions open to services make sure they get restarted
as well.
One of the posts I read suggested also changing passwords for systems that
had weak keys.
Luckily most of my keys are older than the bug :).
ciao,
der.hans
--
# https://www.LuftHans.com/ https://LOPSA.org/
# If determining good culture is left up to busybodies and politicians,
# we will be left with culture fit only for busybodies and politicians.
# -- Jeff Taylor, Reason
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
