Newly found Vulnerabilities 05/16/08:
Debian and Ubuntu have released multiple security advisories to address vulnerabilities in their OpenSSL package and other cryptographic application packages that rely on it. These vulnerabilities are due to weaknesses in the random number generator that is used to create SSL and SSH cryptographic keys. As a result of the vulnerability, the keys generated using the flawed OpenSSL package may be weak. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to conduct brute force attacks and obtain sensitive information. These vulnerabilities may affect any Debian-based systems, such as Ubuntu, and may indirectly affect other systems if these weak keys have been imported into them.We encourage users to review the following advisories and apply any necessary workarounds or updates:
Debian Security Advisory DSA-1571-1
Debian Security Advisory DSA-1576-1
Ubuntu Security Notice USN-612-1
Ubuntu Security Notice USN-612-2
Ubuntu Security Notice USN-612-3
Ubuntu Security Notice USN-612-4
Ubuntu Security Notice USN-612-5
Ubuntu Security Notice USN-612-6
Additional information about these vulnerabilities is available in the Vulnerability Notes Database.
http://serchez.net
Friday, May 16, 2008
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment