Weakness in OpenSSL on Debian and Ubuntu Discovered

Immediate update is advised

By Daniel Voicu, Linux Editor

14th of May 2008, 08:55 GMT

If you are using Debian or any other distro that's based on it (such as Ubuntu), you are advised to update, because a weakness was discovered in the random number generator used by OpenSSL. To fix the problem, you will have to update the OpenSSL packages and regenerate any private keys made on Debian (Etch or newer) or Ubuntu 7.04 and higher.

Because of this issue, some encryption keys are much more predictable than they should be, so an attacker could find a key through a brute-force attack. The encryption keys used in OpenSSH, OpenVPN and SSL certificates are the most affected by the weakness. Those generated with GnuPG or GnuTLS do not suffer from this vulnerability.

OpenSSL version 0.98c-1 was the first vulnerable version and was uploaded to the unstable distribution on September 17, 2006. Since then, the vulnerable package has propagated to the testing and current stable (Etch) distributions. Sarge, the old distribution, is not vulnerable. The problem was caused by a patch to OpenSSL.

Although the vulnerability affects operating systems based on Debian, it could indirectly affect other systems if a weak encryption key is imported into them.
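Because a weak key can end up on a system that is not itself affected, imported public keys need checking too. The following is an added example, not code from the article or from Debian: it audits `authorized_keys` content against a blocklist of fingerprints of known-weak keys. The blocklist format (one lowercase MD5 hex fingerprint per entry), the function names and the sample data are assumptions constructed for illustration.

```python
import base64
import hashlib

KEY_TYPES = {"ssh-rsa", "ssh-dss"}  # RSA and DSA public key entries

def fingerprint(blob):
    """MD5 of the decoded key blob, lowercase hex without colons."""
    return hashlib.md5(blob).hexdigest()

def parse_entry(line):
    """Return (key_type, blob, comment) for an authorized_keys line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = line.split()
    # Options such as from="..." may precede the key, so search for the type.
    for i, tok in enumerate(tokens[:-1]):
        if tok in KEY_TYPES:
            try:
                blob = base64.b64decode(tokens[i + 1], validate=True)
            except ValueError:  # also covers binascii.Error for bad base64
                return None  # damaged entry: skip it rather than guess
            return tok, blob, " ".join(tokens[i + 2:])
    return None

def audit(text, blocklist):
    """Return (line_number, comment, fingerprint) for each blocklisted key."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        entry = parse_entry(line)
        if entry and fingerprint(entry[1]) in blocklist:
            hits.append((number, entry[2], fingerprint(entry[1])))
    return hits

def sample_key(tag):
    """Constructed stand-in for a base64 key blob; not a real key."""
    return base64.b64encode(b"constructed-blob:" + tag).decode()

# Constructed authorized_keys content and blocklist, for illustration only.
SAMPLE = "\n".join([
    "# keys allowed to log in",
    f"ssh-rsa {sample_key(b'made-on-etch')} alice@etch-box",
    f'from="10.0.0.5" ssh-rsa {sample_key(b"made-elsewhere")} bob@laptop',
    "ssh-rsa not*base64 broken@entry",
])
BLOCKLIST = {fingerprint(b"constructed-blob:made-on-etch")}

if __name__ == "__main__":
    print(audit(SAMPLE, BLOCKLIST))
```

Any entry the audit reports should be removed and its owner asked to supply a key generated on a patched system.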

OpenSSL is an open-source implementation of the TLS and SSL protocols, and is based on SSLeay, a project by Eric Young and Tim Hudson, who stopped the development of their software at the end of 1998. The core library of OpenSSL is written in C, implementing the basic cryptographic functions.

OpenSSL supports cryptographic algorithms like Blowfish, DES, RC2, IDEA, MD5, RSA and more.

So, if you are using any of the following Linux distributions, you are advised to update immediately:

■ Debian Etch
■ Ubuntu Feisty Fawn
■ Ubuntu Gutsy Gibbon
■ Ubuntu Hardy Heron

After you update the packages, regenerate all the private keys you've made on these systems.


© Copyright 2001-2008 Softpedia