Thu, May 15 2008 13:10 Don

Debian and Ubuntu OpenSSL and OpenSSH Vulnerabilities

Debian and Ubuntu have released multiple security advisories to address vulnerabilities in their OpenSSL package and other cryptographic application packages that rely on it. These vulnerabilities are due to weaknesses in the random number generator that is used to create SSL and SSH cryptographic keys. As a result of the vulnerability, the keys generated using the flawed OpenSSL package may be weak. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to conduct brute force attacks and obtain sensitive information. These vulnerabilities may affect any Debian-based systems, such as Ubuntu, and may indirectly affect other systems if these weak keys have been imported into them.

US-CERT encourages users to review the following advisories and apply any necessary workarounds or updates:

Additional information about these vulnerabilities is available in the Vulnerability Notes Database.

US-CERT will provide more information as it becomes available.
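Because weak keys may have been imported into systems that never ran the flawed package, one practical check is to audit `authorized_keys` files against a list of known-weak key fingerprints. The sketch below is an added example, not code from US-CERT, Debian or Ubuntu. It assumes the operator supplies the blocklist as a set of SHA256 fingerprints; the sample keys, the `fake_key` helper and the blocklist entry are constructed for illustration.

```python
import base64, binascii, hashlib, struct

KEY_TYPES = {"ssh-rsa", "ssh-dss"}  # key types this example recognises

def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line):
    """Return (key_type, blob, comment) for an authorized_keys line, else None."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    for i, tok in enumerate(tokens[:-1]):
        if tok not in KEY_TYPES:
            continue  # leading options field, e.g. no-pty
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except (binascii.Error, ValueError):
            continue
        # A key blob begins with a length-prefixed copy of its key type.
        if len(blob) >= 4:
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == tok.encode():
                return tok, blob, " ".join(tokens[i + 2:])
    return None

def audit(text, blocklist):
    """Return (line_number, comment, fingerprint) for each blocklisted key."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed and fingerprint(parsed[1]) in blocklist:
            hits.append((lineno, parsed[2], fingerprint(parsed[1])))
    return hits

def fake_key(key_type, body):
    """Constructed stand-in: correct framing, meaningless key material."""
    raw = struct.pack(">I", len(key_type)) + key_type.encode() + body
    return base64.b64encode(raw).decode()

SAMPLE = "\n".join([  # constructed authorized_keys content
    "# constructed sample, not real keys",
    f"ssh-rsa {fake_key('ssh-rsa', b'A' * 32)} alice@laptop",
    f'no-pty,command="backup" ssh-dss {fake_key("ssh-dss", b"B" * 32)} backup@box',
    "ssh-rsa not-base64!! broken@entry",
])
BLOCKLIST = {fingerprint(base64.b64decode(fake_key("ssh-dss", b"B" * 32)))}
print(audit(SAMPLE, BLOCKLIST))
```

Any key the audit reports should be removed from the file and replaced with one generated on a patched system.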

http://www.us-cert.gov/current/index.html#debian_openssl_vulnerability 
