VanDyke Software

Security Advisory


Debian has released a security advisory (DSA-1571-1) describing a vulnerability in the random number generator used by the OpenSSL package included with the Debian GNU/Linux, Ubuntu, and other Debian-based operating systems. This vulnerability causes the generated numbers to be predictable. This is not a vulnerability in VanDyke applications and there is no need to update VanDyke applications to address this issue. However, it is recommended that you upgrade your Debian- and Ubuntu-based systems and then regenerate cryptographic key material as described in the advisory.


Posted: July 7, 2008

Description

Debian has released a security advisory (DSA-1571-1) describing a vulnerability in the random number generator used by the OpenSSL package included with the Debian GNU/Linux, Ubuntu, and other Debian-based operating systems. This vulnerability causes the generated numbers to be predictable, which could result in cryptographic key material being guessable.

This vulnerability is present in OpenSSL versions starting with 0.9.8c-1 on the Debian GNU/Linux operating system and its derivatives. These problems have been fixed in versions 0.9.8c-4etch3 (stable) and 0.9.8g-9 (unstable).

Note, this is not a vulnerability in VanDyke applications and there is no need to update VanDyke applications to address this issue. However, it is recommended that you upgrade your Debian- and Ubuntu-based systems and then regenerate cryptographic key material as described in the advisory.

Please refer to the following Debian Security Advisory for more information on the vulnerability and update procedures.

http://www.debian.org/security/2008/dsa-1571

Technical Support

If you have any questions concerning upgrade eligibility in response to this security advisory, please contact VanDyke Software.
 

Official Postings

US-CERT published an advisory on this vulnerability on May 16, 2008.
VanDyke Software posted this page on July 7, 2008.
 

Revision History

July 7, 2008 - Security Advisory published.