[debian-non-standard] Fwd: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Tomasz Chmielewski
mangoo at wpkg.org
Tue May 13 21:03:08 CEST 2008
Martin Steigerwald wrote:
> Hi!
>
> This shall be interesting for users of the Debian Etch Images that
> Tomasz Chmielewski kindly provides. If the SSH host keys on that image
> have been created on Debian Etch, which appears to be likely, or if you
> recreated them before below mentioned security update, you should install
> the security update - which at least for MIPS is available via aptitude
> already - and recreate your SSH host keys:
>
> rm /etc/ssh/*key*
> dpkg-reconfigure openssh-server
>
> You will get the man in the middle attack warning of course then and need
> to remove the old key from ~/.ssh/known_hosts.
>
> If you use SSL certificates or OpenVPN keys that you created with a buggy
> version of openssl you should recreate them also.
>
> Maybe your website should mention this, Tomasz, until you provide an
> updated image. I could create one if I manage to take the time for it,
> which might take quite a while.
>
> Of course this applies to other Debian servers that are connected to the
> internet. But as especially those ASUS routers are likely to be connected
> to the internet it may apply to them (unless you reject SSH from outside via
> iptables).
Thanks for the tip.
I added a link with this info for ASUS (mips) and FSG-3 (arm) Debian base
filesystem downloads.
--
Tomasz Chmielewski
http://wpkg.org
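
A way to confirm that the regeneration step quoted above really replaced every host key, as an added example that is not part of the original mails. The function names and the snapshot directory `/root/hostkeys.old` are assumptions; only the public halves of the keys are copied.

```shell
#!/bin/sh
# Added example: verify that every SSH host key was regenerated.
# Only public keys (*.pub) are snapshotted; they are not secret, and a
# changed public key means the whole key pair was replaced.

# snapshot_pubkeys KEYDIR SNAPDIR: copy the current public host keys aside.
snapshot_pubkeys() {
    keydir=$1; snapdir=$2
    mkdir -p "$snapdir" || return 1
    for f in "$keydir"/*key*.pub; do
        [ -f "$f" ] || continue          # glob matched nothing
        cp "$f" "$snapdir/" || return 1
    done
}

# stale_pubkeys KEYDIR SNAPDIR: print each public key that is still
# byte-identical to its snapshot. Returns 0 only if none is unchanged.
stale_pubkeys() {
    keydir=$1; snapdir=$2; rc=0
    for old in "$snapdir"/*.pub; do
        [ -f "$old" ] || continue
        new="$keydir/$(basename "$old")"
        if [ ! -f "$new" ]; then
            echo "missing: $new"         # key type no longer present
        elif cmp -s "$old" "$new"; then
            echo "unchanged: $new"       # old key is still in place
            rc=1
        fi
    done
    return $rc
}

# Intended order on the affected host, after installing the update
# (the rm and dpkg-reconfigure commands are the ones from the mail):
#   snapshot_pubkeys /etc/ssh /root/hostkeys.old   # assumed snapshot path
#   rm /etc/ssh/*key*
#   dpkg-reconfigure openssh-server
#   stale_pubkeys /etc/ssh /root/hostkeys.old && echo "all host keys replaced"
# On each client, drop the old entry from ~/.ssh/known_hosts:
#   ssh-keygen -R <hostname>
```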