There is a serious security flaw in Debian openssl - the random number generator in Debian's openssl package is predictable. As a result, cryptographic key material may be guessable.
=> Package : openssl
=> Vulnerability : predictable random number generator
=> Problem type : remote
=> Debian-specific: yes
=> CVE Id(s) : CVE-2008-0166
=> Checkout description and recommended fix at the following url:
[SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 3 comments… read them below or add one }
Does this security flaw also infect Ubuntu? Or Just Debian? I’m asking since I know Ubuntu is Debian based and I have an Ubuntu Server in my closet.
Yes, it should affect Ubuntu. Better upgrade your openssl software. Checkout
http://www.ubuntu.com/usn/usn-612-2. If you run Ubuntu based server, I strongly recommend security rss subscription.
yes it did affect ubuntu, for a very short time. it was fixed soon after it was found out in 2006. debian type Os’s now uses a much more secure algorithm. much more secure than windows xp. and more secure than vista. PS the time it would take for some one to use this security vulnerability to compromise your system would not be worth it unless you where a business or some one with some money to be made by hacking your system.