[debian-non-standard] Fwd: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

Tomasz Chmielewski mangoo at wpkg.org
Tue May 13 21:03:08 CEST 2008


Martin Steigerwald wrote:
> Hi!
> 
> This shall be interesting for users of the Debian Etch Images that  
> Tomasz Chmielewski kindly provides. If the SSH host keys on that image 
> have been created on Debian Etch, which appears to be likely, or if you 
> recreated them before the below-mentioned security update, you should install 
> the security update - which at least for MIPS is available via aptitude 
> already - and recreate your SSH host keys:
> 
> rm /etc/ssh/*key*
> dpkg-reconfigure openssh-server
> 
> You will get the man in the middle attack warning of course then and need 
> to remove the old key from ~/.ssh/known_hosts.
> 
> If you use SSL certificates or OpenVPN keys that you created with a buggy 
> version of openssl you should recreate them also.
> 
> Maybe your website should mention this, Tomasz, until you provide an 
> updated image. I could create one if I manage to take the time for it, 
> which might take quite a while.
> 
> Of course this applies to other Debian servers that are connected to the 
> internet. But as especially those ASUS routers are likely to be connected 
> to the internet it may apply to them (unless you reject SSH from outside via 
> iptables).

Thanks for the tip.

I added a link with this info for ASUS (mips) and FSG-3 (arm) Debian base 
filesystem downloads.


-- 
Tomasz Chmielewski
http://wpkg.org
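
The client-side step in the quoted message, removing the old key from ~/.ssh/known_hosts, as an added example that is not part of the original messages: when the client hashes host names in that file, searching for the host name as text misses those entries, so this sketch matches both plain and hashed fields, which is the job `ssh-keygen -R <host>` does. The function names and the sample file are hypothetical, and only exact host names are matched (no wildcard patterns).

```python
import base64
import hashlib
import hmac
import os

def hash_host(host, salt=None):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def field_matches(field, host):
    """True if a known_hosts host field names `host` (hashed or plain list)."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt, mac = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
        except ValueError:
            return False  # malformed hashed entry: leave it in place
        expected = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, expected)
    return host in field.split(",")

def drop_host(known_hosts_text, host):
    """Return (kept_text, removed_lines) with every entry for `host` removed."""
    kept, removed = [], []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        # Blank lines and comments are kept untouched.
        if not parts or parts[0].startswith("#"):
            kept.append(line)
            continue
        # A leading @marker (e.g. @revoked) shifts the host field by one.
        field = parts[1] if parts[0].startswith("@") and len(parts) > 1 else parts[0]
        (removed if field_matches(field, host) else kept).append(line)
    return "\n".join(kept) + ("\n" if kept else ""), removed

# Constructed sample: host names and key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# clients of the rebuilt router",
    "router.example.org,192.0.2.10 ssh-rsa AAAAB3-OLD-PLACEHOLDER",
    hash_host("router.example.org", b"\x01" * 20) + " ssh-dss AAAAB3-OLD-PLACEHOLDER",
    "other.example.org ssh-rsa AAAAB3-UNRELATED-PLACEHOLDER",
]) + "\n"
```

Write the returned text to a new file and compare it with the original before replacing ~/.ssh/known_hosts; the next connection then prompts for the regenerated host key, whose fingerprint should be checked against the server.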


