Re: Debian Security Announcement

Kapil Hari Paranjape wrote:
> Hello,
>
> I am posting this here as it should receive wide exposure.
>
> http://lists.debian.org/debian-security-announce/2008/msg00152.html
>
> The bottom line(s):
>  1. If you run a Debian or derivative (yes, Ubuntu!) version
>     that is based on etch or later,
> and
>  2a. If you generated an SSH/SSL key on this system 
>  or
>  2b. You created a signature using a openssl DSA key on this
>      system
>
> Then it is likely that your key is weak/compromised. Please change
> it after installing a more recent "openssl"
For Ubuntu Users, here is something to follow and be safe - 
http://ubuntu-tutorials.com/2008/05/13/openssh-openssh-vulnerabilities-confirm-fix-instructions/

It is suggested to update your system with the fix available in the 
repos and regenerate both your user and server SSH keys. It's a PITA 
updating the places where you have added your keys to authorized_keys ,  
but it's for your own safety :)

H.T.H

--

-- 
---
With Regards,

Parthan "technofreak"
<gpg>  2FF01026
<blog> http://blog.technofreak.in

_______________________________________________
To unsubscribe, email ilugc-request@... with 
"unsubscribe <password> <address>"
in the subject or body of the message.  
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc