USN-612-1: OpenSSL vulnerability Post: 302194631

Sponsored Content

Special Forums Cybersecurity Security Advisories (RSS) USN-612-1: OpenSSL vulnerability Post 302194631 by Linux Bot on Tuesday 13th of May 2008 10:30:05 AM

05-13-2008

Registered User

USN-612-1: OpenSSL vulnerability

Referenced CVEs:
CVE-2008-0166

<div class="field field-type-text field-field-description">Description:
<div class="field-items"><div class="field-item"><div class="usn">=========================================================== Ubuntu Security Notice USN-612-1 May 13, 2008openssl vulnerabilityCVE-2008-0166===========================================================A weakness has been discovered in the random number generator usedby OpenSSL on Debian and Ubuntu systems. As a result of thisweakness, certain encryption keys are much more common than theyshould be, such that an attacker could guess the key through abrute-force attack given minimal knowledge of the system. Thisparticularly affects the use of encryption keys in OpenSSH, OpenVPNand SSL certificates.This vulnerability only affects operating systems which (likeUbuntu) are based on Debian. However, other systems can beindirectly affected if weak keys are imported into them.We consider this an extremely serious vulnerability, and urge allusers to act immediately to secure their systems. (CVE-2008-0166)This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.== Who is affected ==Systems which are running any of the following releases: * Ubuntu 7.04 (Feisty) * Ubuntu 7.10 (Gutsy) * Ubuntu 8.04 LTS (Hardy) * Ubuntu "Intrepid Ibex" (development): libssl

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

LEARN ABOUT REDHAT

what-patch

WHAT-PATCH(1)						      General Commands Manual						     WHAT-PATCH(1)

NAME

       what-patch - detect which patch system a Debian package uses

SYNOPSIS

       what-patch [options]

DESCRIPTION

       what-patch examines the debian/rules file to determine which patch system the Debian package is using.

       what-patch should be run from the root directory of the Debian source package.

OPTIONS

       Listed below are the command line options for what-patch:

       -h, --help
	      Display a help message and exit.

       -v     Enable verbose mode.  This will include the listing of any files modified outside or the debian/ directory and report any additional
	      details about the patch system if available.

AUTHORS

       what-patch was written by Kees Cook <kees@ubuntu.com>, Siegfried-A. Gevatter <rainct@ubuntu.com>, and  Daniel  Hahler  <ubuntu@thequod.de>,
       among others.  This manual page was written by Jonathan Patrick Davies <jpds@ubuntu.com>.

       Both are released under the GNU General Public License, version 3 or later.

SEE ALSO

       The Ubuntu MOTU team has some documentation about patch systems at the Ubuntu wiki: https://wiki.ubuntu.com/PackagingGuide/PatchSystems

       cdbs-edit-patch(1), dbs-edit-patch(1), dpatch-edit-patch(1)

DEBIAN
								 Debian Utilities						     WHAT-PATCH(1)