List: debian-security
Subject: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
From: Dirk-Willem van Gulik <dirkx () webweaving ! org>
Date: 2008-05-19 15:29:02
Message-ID: 269498C9-3C60-4D03-AB3A-D652E8417D95 () webweaving ! org
On May 17, 2008, at 1:34 PM, Matteo Vescovi wrote:
>
>> are there updates for this issue for old stable - sarge?
>
> It was said sarge is not affected,
Bear in mind that you still want blacklist support for the various
tools, not just for the known_hosts and authorized_keys, but also for
people who move their identity files around, generate their web/mail
server's x509 cert (request) on a laptop/off-line prior to
moving it onto the server, and so on*.
Dw.
*: I found about a 1 to 3901 ratio between affected and non-affected
   keys out of about 50k ssh-keys and 21k x509's (using the not yet
   complete lists!) in an environment which is virtually only Windows,
   MacOSX and FreeBSD. I think it is reasonable to assume that this
   is fairly common - hence you want these blacklist tools on a wider
   range of platforms/OS-es.
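
Added example, not part of the original message or of any Debian tool: a portable Python check of authorized_keys/known_hosts style lines against a fingerprint blacklist, for hosts that lack the Debian packages. It assumes blacklist entries are hex MD5 fingerprints of the public-key blob, either in full or as the trailing 20 hex digits; the keys and blacklist below are constructed sample data, and x509 certificates are not covered.

```python
import base64
import binascii
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")

def md5_fingerprint(key_b64):
    """Legacy OpenSSH fingerprint: hex MD5 of the decoded public-key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    return hashlib.md5(blob).hexdigest()

def parse_key_lines(text):
    """Yield (lineno, keytype, base64_blob, comment) for each key line.

    The key type may be preceded by options (authorized_keys) or by
    host names (known_hosts), so search for it instead of assuming field 0.
    """
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            if field in KEY_TYPES:
                yield lineno, field, fields[i + 1], " ".join(fields[i + 2:])
                break

def scan(text, blacklist):
    """Return (lineno, keytype, fingerprint, comment) for blacklisted keys."""
    hits = []
    for lineno, ktype, b64, comment in parse_key_lines(text):
        try:
            fp = md5_fingerprint(b64)
        except (binascii.Error, ValueError):
            continue  # malformed key material: nothing to fingerprint
        # Assumption: entries are full fingerprints or their last 20 hex digits.
        if fp in blacklist or fp[-20:] in blacklist:
            hits.append((lineno, ktype, fp, comment))
    return hits

def _fake_key(seed):
    """Constructed blob for the sample below, not a real key."""
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + seed).decode()

SAMPLE = "\n".join([
    "# constructed authorized_keys / known_hosts content",
    "ssh-rsa " + _fake_key(b"A" * 32) + " alice@laptop",
    'from="10.0.0.1" ssh-rsa ' + _fake_key(b"B" * 32) + " backup@server",
    "host.example.org ssh-dss " + _fake_key(b"C" * 32),
])
BLACKLIST = {md5_fingerprint(_fake_key(b"B" * 32))[-20:]}  # constructed entry

if __name__ == "__main__":
    for lineno, ktype, fp, comment in scan(SAMPLE, BLACKLIST):
        print("line %d: %s %s %s is blacklisted" % (lineno, ktype, fp, comment))
```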