Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

by Andrew McGlashan

Hi,

Florian Weimer wrote:

> ------------------------------------------------------------------------
> Debian Security Advisory DSA-1571-1
> security@... http://www.debian.org/security/
> Florian Weimer
> May 13, 2008
> http://www.debian.org/security/faq -
> ------------------------------------------------------------------------
>
> Package        : openssl
> Vulnerability  : predictable random number generator
> Problem type   : remote
> Debian-specific: yes
> CVE Id(s)      : CVE-2008-0166
>
> The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
> distribution on 2006-09-17, and has since propagated to the testing
> and current stable (etch) distributions.  The old stable distribution
> (sarge) is not affected.
>
> Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
> material for use in X.509 certificates and session keys used in
> SSL/TLS connections.  Keys generated with GnuPG or GNUTLS are
> not affected, though.

So does this mean that all keys shown with "apt-key list" are okay?  If not,
then these need to be addressed too.

Kind Regards
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP

Current Land Line No: 03 9912 0504
Mobile: 04 2574 1827 Fax: 03 9012 2178

National No: 1300 85 3804

Affinity Vision Australia Pty Ltd
http://www.affinityvision.com.au
http://adsl2choice.net.au

In Case of Emergency --  http://www.affinityvision.com.au/ice.html 


--
To UNSUBSCRIBE, email to debian-security-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...


Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

by Jens Schüßler-2

* Andrew McGlashan <andrew.mcglashan@...> wrote:

> Hi,
>
> Florian Weimer wrote:
>>
>> Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
>> material for use in X.509 certificates and session keys used in
>> SSL/TLS connections.  Keys generated with GnuPG or GNUTLS are
>> not affected, though.
>
> So does this mean that all keys shown with "apt-key list" are okay?  If
> not, then these need to be addressed too.

These are gpg-keys.

