|
Posted: July 7, 2008
Description
Debian has released a security advisory (DSA-1571-1) describing a
vulnerability in the the random number generator used by the OpenSSL
package included with the Debian GNU/Linux, Ubuntu, and other Debain-based
operating systems. This vulnerability causes the generated numbers to be
predictible, which could result in cryptographic key material being guessable.
This vulnerability is present in OpenSSL versions starting with 0.9.8c-1
on the Debian GNU/Linux operating systems and its derivatives. These
problems have been fixed in versions 0.9.8c-4etch3 (stable) and 0.9.8g-9
(unstable).
Note, this is not a vulnerability in VanDyke applications and there is
no need to update VanDyke applications to address this issue. However,
it is recommended that you upgrade your Debian- and Ubuntu-based systems
and then regenerate cryptographic key material as described in the advisory.
Please refer to the following Debian Security Advisory for more information
on the vulnerability and update procedures.
http://www.debian.org/security/2008/dsa-1571
|
Technical Support
|
If you have any questions concerning upgrade eligibility
in response to this security advisory, please contact
VanDyke Software.
|
| |
|
Official Postings
|
US-CERT published an advisory on this vulnerability on May 16, 2008.
VanDyke Software posted this page on July 7, 2008.
|
| |
|
Revision History
|
July 7, 2008 - Security Advisory published.
|
|
