Security flaw effects OpenSSL keys generated using certain versions of Linux
14 May 2008
A security flaw has been discovered that can effect the cryptographic security of SSL certificates created using certain versions of Linux.
The issue is reported to be specific to the Debian operating system, and its derivatives such as Ubuntu, distributed between 17 September 2006 and 12 May 2008.
The security flaw arose after a Debian-specific change was made to the OpenSSL package that results in predictable values being produced.
According to a statement on the Debian website, it is recommended that all cryptographic key material produced using the effected operating system is re-created after the required operating system patch is applied, and all keys previously produced be considered compromised.
No other operating systems, trusted root CAs or intermediate CAs are reported to be effected.
For more information, see http://lists.debian.org/debian-security-announce/2008/msg00152.html .
Advertise with us
Copyright © 2006 - 2015 Multimedia Australia Pty. Ltd.
Australian Company Number 096 830 394. All rights reserved.
ABN 78 096 830 394
An initiative of Multimedia Australia.