The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    ALERT: Debian / Ubuntu SSL vulnerability

    Discussion in 'Linux Compatibility and Software' started by wearetheborg, May 16, 2008.

  1. wearetheborg

    wearetheborg Notebook Virtuoso

    Last edited by a moderator: May 8, 2015
  2. prol91

    prol91 Notebook Consultant

    I think I heard that all the Linux systems are vulnerable and not just Debian and Debian-based. Is that true?
     
  3. theZoid

    theZoid Notebook Savant

    I, yesterday I think, received an automated SSL update from Ubuntu... fix?
     
  4. Baserk

    Baserk Notebook user

    [​IMG]

    (copyright xkcd)
     
  5. wearetheborg

    wearetheborg Notebook Virtuoso


    Note that only upgrading the packages won't fix the problem; the affected keys need to be regenerated.


    http://wiki.debian.org/SSLkeys

    Only if you are using keys generated on a Debian system.
     
    Last edited by a moderator: May 8, 2015
  6. Pitabred

    Pitabred Linux geek con rat flail!

    It was caused by a patch made by a Debian developer, and it stayed only inside the Debian distribution (and distros based on Debian like Ubuntu). It didn't go upstream into the main SSH tree, so there's little to no danger of other distros also being compromised unless they took from Debian's patches without noting it.