billgoldberg
May 14th, 2008, 08:00 AM
"This is caused by an incorrect
Debian-specific change to the openssl package (CVE-2008-0166). As a
result, cryptographic key material may be guessable."
"Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
material for use in X.509 certificates and session keys used in SSL/TLS
connections. Keys generated with GnuPG or GNUTLS are not affected,
though."
(http://lists.debian.org/debian-security-announce/2008/msg00152.html)
Kind of a big screw-up.
I believe ubuntu is/was also affected.
Debian-specific change to the openssl package (CVE-2008-0166). As a
result, cryptographic key material may be guessable."
"Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
material for use in X.509 certificates and session keys used in SSL/TLS
connections. Keys generated with GnuPG or GNUTLS are not affected,
though."
(http://lists.debian.org/debian-security-announce/2008/msg00152.html)
Kind of a big screw-up.
I believe ubuntu is/was also affected.