≡ Menu

Security Warning: Serious flaw in Debian Linux OpenSSL Package

There is a serious security flaw in Debian openssl – the random number generator in Debian’s openssl package is predictable. As a result, cryptographic key material may be guessable.

=> Package : openssl
=> Vulnerability : predictable random number generator
=> Problem type : remote
=> Debian-specific: yes
=> CVE Id(s) : CVE-2008-0166
=> Checkout description and recommended fix at the following url:

[SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

Share this on:

Your support makes a big difference:
I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft, takes a lot of my time and hard work to produce. If you use nixCraft, who likes it, helps me with donations:
Become a Supporter →    Make a contribution via Paypal/Bitcoin →   

Don't Miss Any Linux and Unix Tips

Get nixCraft in your inbox. It's free:



{ 3 comments… add one }
  • Nathan Gutierrez May 13, 2008, 9:02 pm

    Does this security flaw also infect Ubuntu? Or Just Debian? I’m asking since I know Ubuntu is Debian based and I have an Ubuntu Server in my closet.

  • nixCraft May 13, 2008, 9:08 pm

    Yes, it should affect Ubuntu. Better upgrade your openssl software. Checkout
    http://www.ubuntu.com/usn/usn-612-2. If you run Ubuntu based server, I strongly recommend security rss subscription.

  • bob dole April 10, 2009, 1:39 am

    yes it did affect ubuntu, for a very short time. it was fixed soon after it was found out in 2006. debian type Os’s now uses a much more secure algorithm. much more secure than windows xp. and more secure than vista. PS the time it would take for some one to use this security vulnerability to compromise your system would not be worth it unless you where a business or some one with some money to be made by hacking your system.

Leave a Comment


   Tagged with: , , , , , , , , ,