Guus Sliepen wrote:
> Hello,
>
> For those who run tinc on Debian or Debian-based distributions like
> Ubuntu and Knoppix, be advised that the following security issue affects
> tinc as well:
>
> http://www.debian.org/security/2008/dsa-1571
>
> In short, if you generated public/private keypairs for tinc between 2006
> and May 7th of 2008 on a machine running Debian or a derivative, they may
> have been generated without a properly seeded random number generator.
> Please ensure you have updated your OpenSSL packages and regenerate all
> suspect keypairs. Do not forget to restart tinc.
>
> If you have compiled a static version of tinc on an affected platform,
> you need to recompile tinc to ensure it is statically linked with a
> fixed OpenSSL library.
>
> I do not know if the session keys also have been weak, but it is best to
> assume they were. If you exchanged private key material via your tinc
> VPN, then an eavesdropper may have seen this as well. Regenerate
> any keying material that you have exchanged via your tinc VPN if any of
> the nodes was running on an affected platform.
>

Thanks for this information.... lot of work for me :(
Thanks for your job

sich
