[wplug] OpenSSL security vulnerability

Christopher DeMarco demarco at maya.com
Thu May 15 10:49:24 EDT 2008


On Thu, May 15, 2008 at 10:32:09AM -0400, Brian Sammon wrote:

> > I haven't seen any discussion of this, but it's actually very important. 
> > Some time ago, approximately two years, a single line was removed from the 
> > Debian installation of OpenSSL.  Reading around, it looks like it was 
> > removed because the line caused a problem when profiling the code with 
> > Valgrind.  Unfortunately, this had the nasty side effect of reducing the 
> > possible key space to 2^15 keys instead of 2^1024 possible keys.  Yeah, it 
> 
> Reference?

The horse's mouth, as it were...

    http://www.debian.org/security/2008/dsa-1576


-- 
Christopher DeMarco <demarco at maya.com>
IT Director
MAYA Group
+1-412-488-2900



More information about the wplug mailing list