
FWD: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator



I strongly advise all readers of this list that use Debian or might have
users in your realm (or any realms for which cross-realm key exchange has
been performed) to read:

http://lists.debian.org/debian-security-announce/2008/msg00152.html

This vulnerability will affect any Heimdal distribution built using any
Debian package of OpenSSL version 0.9.8c-1 or higher.

All long term keys that were generated with this version of OpenSSL
and are not derived from a password MUST be changed.

Any short term keys that are generated from a vulnerable KDC should be
considered suspect.

Jeffrey Altman
