[wplug] OpenSSL security vulnerability
Christopher DeMarco
demarco at maya.com
Thu May 15 10:49:24 EDT 2008
On Thu, May 15, 2008 at 10:32:09AM -0400, Brian Sammon wrote:
> > I haven't seen any discussion of this, but it's actually very important.
> > Some time ago, approximately two years, a single line was removed from the
> > Debian installation of OpenSSL. Reading around, it looks like it was
> > removed because the line caused a problem when profiling the code with
> > Valgrind. Unfortunately, this had the nasty side effect of reducing the
> > possible key space to 2^15 keys instead of 2^1024 possible keys. Yeah, it
>
> Reference?
The horse's mouth, as it were...
http://www.debian.org/security/2008/dsa-1576
--
Christopher DeMarco <demarco at maya.com>
IT Director
MAYA Group
+1-412-488-2900
More information about the wplug
mailing list