05-16-2008, 05:46 AM   #53
Alexander Turcic
Quote:
Originally Posted by mojojojo
Hi!

As I understand it, this VMware image was built on Debian. Is the OpenSSL library installed on it, and is it one of the versions affected by the recent Debian OpenSSL critical security flaw?
I'm referring to
http://www.debian.org/security/2008/dsa-1571

In short, what the above link says is that on Debian Linux distributions any public keys generated by the flawed OpenSSL library are easily predicted, and unfortunately the flawed OpenSSL version has been in production since late 2006, I believe.

Thanks for the heads-up, mojojojo. Indeed it's a nasty flaw, and we've been busy the last few days updating all our server keys. In general, keys generated before September 2006 are not affected by the flaw. The recommended procedure is to update openssh/openssl (via aptitude dist-upgrade), replace the host keys, and run ssh-vulnkey afterwards to check for weak user keys.

Since the VMware image was created more than one year ago, I suspect there are other security updates necessary as well. So when you download it, it's best to run a system upgrade first before using it.
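A sketch of the kind of weak-key check that the last step of the procedure above relies on, as an added example that is not part of the original post and not the code of ssh-vulnkey: it parses each key line, derives key type, size and MD5 fingerprint, and looks the fingerprint up in a per-type, per-size set. The blacklist contents, the entry format (fingerprint minus its first 12 hex digits) and the `sample_line` helper are assumptions, and the sample keys are constructed.

```python
import base64
import hashlib

def read_field(blob, off):
    """Read one length-prefixed SSH wire-format field starting at off."""
    head = blob[off:off + 4]
    end = off + 4 + int.from_bytes(head, "big")
    if len(head) < 4 or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def key_info(line):
    """Return (type, bits, md5 hex) for one authorized_keys or .pub line."""
    fields = line.split()
    # Options may precede the key type, so find the type token first.
    idx = next((i for i, f in enumerate(fields[:-1]) if f in ("ssh-rsa", "ssh-dss")), None)
    if idx is None:
        raise ValueError("no supported key type")
    blob = base64.b64decode(fields[idx + 1], validate=True)
    ktype, off = read_field(blob, 0)
    if ktype != fields[idx].encode():
        raise ValueError("declared type does not match key blob")
    num, off = read_field(blob, off)      # RSA: exponent e, DSA: prime p
    if ktype == b"ssh-rsa":
        num, off = read_field(blob, off)  # RSA: modulus n sets the key size
    bits = int.from_bytes(num, "big").bit_length()
    return fields[idx], bits, hashlib.md5(blob).hexdigest()

def audit(lines, blacklist):
    """Return (lineno, type, bits, verdict) for every key line."""
    report = []
    for no, line in enumerate(lines, 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            ktype, bits, md5hex = key_info(line)
        except ValueError as exc:
            report.append((no, None, None, "unparsed: %s" % exc))
            continue
        known = blacklist.get((ktype, bits))
        # Assumed entry format: MD5 fingerprint minus its first 12 hex digits.
        verdict = "no list" if known is None else "WEAK" if md5hex[12:] in known else "ok"
        report.append((no, ktype, bits, verdict))
    return report

def sample_line(n, e=65537):
    """Constructed ssh-rsa line; n is sample data, not a real modulus."""
    parts = [b"ssh-rsa"] + [v.to_bytes(v.bit_length() // 8 + 1, "big") for v in (e, n)]
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@example"
```

Call `audit()` with the lines of an `authorized_keys` file and a dict mapping `(type, bits)` to a set of blacklist entries; any key reported as `WEAK` has to be replaced, not just re-checked.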