Security Warning: Serious flaw in Debian Linux OpenSSL Package

Posted in categories Debian Linux, Linux, Security; last updated May 13, 2008

There is a serious security flaw in Debian's OpenSSL package: its random number generator is predictable. As a result, cryptographic key material may be guessable.

=> Package : openssl
=> Vulnerability : predictable random number generator
=> Problem type : remote
=> Debian-specific: yes
=> CVE Id(s) : CVE-2008-0166
=> Check out the description and recommended fix at the following URL:

[SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
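
Why a predictable generator makes key material guessable, and how a defender can audit for it, shown as an added example that is not from the original post or the Debian advisory. It uses a toy generator rather than OpenSSL and assumes, for illustration only, that the seed can take just 2^15 values; `weak_keygen`, `strong_keygen`, `build_blocklist` and `audit` are hypothetical names.

```python
import hashlib
import random
import secrets

# Assumption for this toy model: the generator's only entropy is a seed
# drawn from 2**15 possible values.
SEED_SPACE = 2 ** 15


def weak_keygen(seed: int, nbytes: int = 16) -> bytes:
    """Toy stand-in for key generation whose output depends only on `seed`."""
    rng = random.Random(seed)  # deterministic: same seed, same "key"
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def strong_keygen(nbytes: int = 16) -> bytes:
    """Key drawn from the operating system's CSPRNG, for comparison."""
    return secrets.token_bytes(nbytes)


def fingerprint(key: bytes) -> str:
    """Stable identifier for a key, so the blocklist never stores raw keys."""
    return hashlib.sha256(key).hexdigest()


def build_blocklist() -> frozenset:
    """Enumerate every possible seed once and record each key's fingerprint."""
    return frozenset(fingerprint(weak_keygen(s)) for s in range(SEED_SPACE))


def audit(keys: dict, blocklist: frozenset) -> dict:
    """Return {name: True} for every key that must be regenerated."""
    return {name: fingerprint(k) in blocklist for name, k in keys.items()}


if __name__ == "__main__":
    blocklist = build_blocklist()
    # Constructed inventory: one key from the weak generator, one from the OS.
    inventory = {"host-a": weak_keygen(4242), "host-b": strong_keygen()}
    for name, weak in audit(inventory, blocklist).items():
        print(name, "REGENERATE" if weak else "ok")
```

Because the whole key space can be enumerated ahead of time, installing the fixed package is not enough: keys created with the flawed generator stay guessable until they are regenerated.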

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector.


3 comments

  1. Yes, it did affect Ubuntu, for a very short time. It was fixed soon after it was found out in 2006. Debian-type OSes now use a much more secure algorithm, much more secure than Windows XP and more secure than Vista. PS: the time it would take for someone to use this security vulnerability to compromise your system would not be worth it unless you were a business or someone with some money to be made by hacking your system.
