Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: USN-612-8: openssl-blacklist update
Special Forums Cybersecurity Security Advisories (RSS) USN-612-8: openssl-blacklist update Post 302197696 by Linux Bot on Wednesday 21st of May 2008 12:40:05 PM
Old 05-21-2008
USN-612-8: openssl-blacklist update
Description:
=========================================================== Ubuntu Security Notice USN-612-8 May 21, 2008openssl-blacklist updatehttp://www.ubuntu.com/usn/usn-612-1http://www.ubuntu.com/usn/usn-612-3===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.04Ubuntu 7.10Ubuntu 8.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: openssl-blacklist 0.1-0ubuntu0.6.06.1Ubuntu 7.04: openssl-blacklist 0.1-0ubuntu0.7.04.4Ubuntu 7.10: openssl-blacklist 0.1-0ubuntu0.7.10.4Ubuntu 8.04 LTS: openssl-blacklist 0.1-0ubuntu0.8.04.4In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:USN-612-3 addressed a weakness in OpenSSL certificate and keygeneration in OpenVPN by introducing openssl-blacklist to aid indetecting vulnerable private keys. This update enhances theopenssl-vulnkey tool to check X.509 certificates as well, andprovides the corresponding update for Ubuntu 6.06. While theOpenSSL in Ubuntu 6.06 was not vulnerable, openssl-blacklist isnow provided for Ubuntu 6.06 for checking certificates and keysthat may have been imported on these systems.This update also includes the complete RSA-1024 and RSA-2048blacklists for all Ubuntu architectures, as well as support forother future blacklists for non-standard bit lengths.You can check for weak SSL/TLS certificates by installingopenssl-blacklist via your package manager, and using theopenssl-vulnkey command.$ openssl-vulnkey /path/to/certificate_or_keyThis command can be used on public certificates and private keysfor any X.509 certificate or RSA key, including ones for webservers, mail servers, OpenVPN, and others. If in doubt, destroythe certificate and key and generate new ones. Please consult thedocumentation for your software when recreating SSL/TLScertificates. Also, if certificates have been generated for useon other systems, they must be found and replaced as well.Original advisory details: A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates.





More...
 

LEARN ABOUT REDHAT

what-patch

WHAT-PATCH(1)						      General Commands Manual						     WHAT-PATCH(1)

NAME

       what-patch - detect which patch system a Debian package uses

SYNOPSIS

       what-patch [options]

DESCRIPTION

       what-patch examines the debian/rules file to determine which patch system the Debian package is using.

       what-patch should be run from the root directory of the Debian source package.

OPTIONS

       Listed below are the command line options for what-patch:

       -h, --help
	      Display a help message and exit.

       -v     Enable verbose mode.  This will include the listing of any files modified outside or the debian/ directory and report any additional
	      details about the patch system if available.

AUTHORS

       what-patch was written by Kees Cook <kees@ubuntu.com>, Siegfried-A. Gevatter <rainct@ubuntu.com>, and  Daniel  Hahler  <ubuntu@thequod.de>,
       among others.  This manual page was written by Jonathan Patrick Davies <jpds@ubuntu.com>.

       Both are released under the GNU General Public License, version 3 or later.

SEE ALSO

       The Ubuntu MOTU team has some documentation about patch systems at the Ubuntu wiki: https://wiki.ubuntu.com/PackagingGuide/PatchSystems

       cdbs-edit-patch(1), dbs-edit-patch(1), dpatch-edit-patch(1)

DEBIAN
								 Debian Utilities						     WHAT-PATCH(1)
All times are GMT -4. The time now is 12:39 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy