[wplug] OpenSSL security vulnerability
D. Joe
wplug at etrumeus.com
Thu May 15 11:46:49 EDT 2008
On Thu, May 15, 2008 at 11:19:07AM -0400, Michael Semcheski wrote:
> I want to clarify something here:
>
> This affects not just the server keys, but also any user keys that may have
> been generated (e.g., id_rsa).
>
> Thus, if you have an authorized_keys entry for a key generated from an
> Ubuntu or Debian system, the prudent thing is probably to delete it, and
> regenerate your user keys.
Another huge one is that keys associate with SSL certificates are affected.
So, the SSL certificate you use on your web server, or that is used by the
web server of a site you visit, could be affected.
For a list of affected items, see:
http://wiki.debian.org/SSLkeys
To see if your distribution might be affected, look for either Debian or
Ubuntu in the "Base Distribution" column of this table
http://en.wikipedia.org/wiki/Comparison_of_Linux_distributions#General
--
Joe
More information about the wplug
mailing list