- Joined
- Jan 2, 2004
Ubuntu users: OFFICAL ADVISORY
Debian users: OFFICIAL ADVISORY
All users: Metasploit summary of OpenSSL vulnerability
Summary: A weakness has been found in the Debian (and Ubuntu) openssl package, making its "pseudorandom number generator" (PRNG) into a predictable random number generator (also a PRNG ). In short, the keys generated by openssl may not be as robust as they should be (indeed, possibly easily breached in a matter of six hours or so of CPU time).
From the Ubuntu advisory:
Ubuntu and Debian users should execute the following:
...to update libssl to the latest (not vulnerable) version.
Debian users: OFFICIAL ADVISORY
All users: Metasploit summary of OpenSSL vulnerability
Summary: A weakness has been found in the Debian (and Ubuntu) openssl package, making its "pseudorandom number generator" (PRNG) into a predictable random number generator (also a PRNG ). In short, the keys generated by openssl may not be as robust as they should be (indeed, possibly easily breached in a matter of six hours or so of CPU time).
From the Ubuntu advisory:
Code:
All OpenSSH and X.509 keys generated on such systems must be
considered untrustworthy, regardless of the system on which they are used,
even after the update has been applied.
Ubuntu and Debian users should execute the following:
Code:
sudo apt-get update
sudo apt-get install openssl