|
|
Discuss
>
WebGUI Dev
|
|
|
User
|
patspam
|
|
Date
|
5/14/2008 7:00 pm
|
|
Views
|
447
|
|
Rating
|
1
Rate [ | ]
|
|
|
Previous
·
Next
|
patspam
|
Date: 5/14/2008 7:00 pm · Subject: The debian openssl/openssh bug · Rating: 1
I'm sure everyone has seen this by now, but in case you missed it:
Anyone whose wG server is running any of the following releases based on Debian:
- Ubuntu 7.04 (Feisty)
- Ubuntu 7.10 (Gutsy)
- Ubuntu 8.04 LTS (Hardy)
- Ubuntu "Intrepid Ibex" (development): libssl <= 0.9.8g-8
- Debian 4.0 (etch) (see corresponding Debian security advisory)
Need to recreate all cryptographic key material from scratch (howto).
Ouch.
http://taint.org/2008/05/13/153959a.html
Patrick
|
| Back to Top |
Rate [ | ]
|
| |
patspam
|
Date: 5/14/2008 8:50 pm · Subject: Re: The debian openssl/openssh bug · Rating: 0
Just a bit more on this, "cryptographic key material" includes any SSL certificates you have generated on debian-based systems.
Thankfully the WRE version of openssl is less than the effected version number (0.9.8c-1) even in the most recent WRE, and probably doesn't contain the debian patch anyway, so I don't think you need to regenerate any SSL certificates you created using the WRE's openssl binary.
Patrick
On Thu, May 15, 2008 at 10:00 AM, <pat@patspam.com> wrote:
patspam wrote:
I'm sure everyone has seen this by now, but in case you missed
it:
Anyone whose wG server is running any of the following releases
based on Debian:
- Ubuntu 7.04 (Feisty)
- Ubuntu 7.10
(Gutsy)
- Ubuntu 8.04 LTS (Hardy)
- Ubuntu "Intrepid Ibex"
(development): libssl <= 0.9.8g-8
- Debian 4.0 (etch) (see
corresponding Debian security advisory)
Need to recreate all
cryptographic key material from scratch (howto).
Ouch.
http://taint.org/2008/05/13/153959a.html
Patrick
http://www.plainblack.com/webgui/dev/discuss/the-debian-openssl/openssh-bug
--
Plain Black, makers of WebGUI
http://plainblack.com
|
| Back to Top |
Rate [ | ]
|
| |
|
|
|
