Software Industry Professionals
Home   Members   Join   Industry   Consumers   Software   Contact Us   About Us
 

Security flaw effects OpenSSL keys generated using certain versions of Linux

14 May 2008

A security flaw has been discovered that can effect the cryptographic security of SSL certificates created using certain versions of Linux.

The issue is reported to be specific to the Debian operating system, and its derivatives such as Ubuntu, distributed between 17 September 2006 and 12 May 2008.

The security flaw arose after a Debian-specific change was made to the OpenSSL package that results in predictable values being produced.

According to a statement on the Debian website, it is recommended that all cryptographic key material produced using the effected operating system is re-created after the required operating system patch is applied, and all keys previously produced be considered compromised.

No other operating systems, trusted root CAs or intermediate CAs are reported to be effected.

For more information, see http://lists.debian.org/debian-security-announce/2008/msg00152.html .


Click here to return to the developer information site.


 

Advertise with us

Copyright © 2006 - 2015 Multimedia Australia Pty. Ltd.
Australian Company Number 096 830 394. All rights reserved.
ABN 78 096 830 394
Terms of use. Disclaimer. Privacy Statement.

An initiative of Multimedia Australia.
An initiative of Multimedia Australia.