Serious security flaw in Debian

A programmer's error has caused a serious security flaw in the popular Debian Linux distribution. All SSL and SSH cryptographic keys generated on a Debian platform since September 2006 are to be considered potentially compromised. Experts say they will need to be recreated from scratch after the fix to the OpenSSL package is applied; patching alone does not repair keys that were already generated with the broken package. The official security advisory includes a link to a detector for known weak keys.

The random number generator in Debian's openssl package is predictable, the result of an incorrect Debian-specific change to that package. As a result, keys generated with it are guessable: an attacker can enumerate the small set of keys the generator is capable of producing, match the public half against the one he sees on the wire, and recover the corresponding private key. With that key, encrypted data can be read and the key holder impersonated. The affected keys are not only those still sitting on Debian machines: a weak SSH key copied into an authorized_keys file on any other system, or a weak SSL certificate key deployed on a non-Debian server, is just as compromised. The popular Ubuntu distribution, based on Debian, is also affected.
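To show why a generator with almost no entropy is fatal for key generation, here is an added Python example (it is not code from the article, from Debian, or from OpenSSL). It models a key generator whose only entropy is a process id, which is an assumption about the shape of the failure used purely for illustration; the keys are toy Diffie-Hellman-style values g^x mod P over the secp256k1 field prime rather than real RSA or DSA keys, Python's random.Random stands in for the broken generator, and the seed space of 32768 ids is assumed. The attacker precomputes one keypair per possible seed, indexes them by public-key fingerprint, and then recovers any victim's private key by a single dictionary lookup, while a key seeded from the OS CSPRNG is not in the table.

```python
"""Model of an under-seeded key generator and the table attack it permits.

Added illustration; not the Debian, OpenSSL or OpenSSH code.
"""
from __future__ import annotations

import hashlib
import os
import random

# Assumption: any large prime works as the modulus of the toy keypair.
# The secp256k1 field prime is used only because it is easy to write down.
P = 2**256 - 2**32 - 977
G = 2

# Assumption: the only entropy the broken generator ends up with is the
# process id, so there are at most this many distinct outputs.
MAX_PID = 32768


def weak_keygen(pid: int) -> int:
    """Broken generator: the private key depends on nothing but the pid."""
    rng = random.Random(pid)          # deterministic, stands in for the bug
    return rng.getrandbits(255) | 1   # 255 bits keeps it below P


def strong_keygen() -> int:
    """Intended behaviour: private key drawn from the OS CSPRNG."""
    return (int.from_bytes(os.urandom(32), "big") >> 1) | 1


def public_key(priv: int) -> int:
    """Toy public key: G^priv mod P (one-way, like a real public key)."""
    return pow(G, priv, P)


def fingerprint(pub: int) -> str:
    """Fingerprint of a public key, as a key server or ssh client would show."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()


def build_weak_key_table() -> dict[str, int]:
    """Attacker precomputation: every key the weak generator can produce,
    indexed by fingerprint. Done once, offline, in well under a second."""
    return {
        fingerprint(public_key(weak_keygen(pid))): pid
        for pid in range(1, MAX_PID)
    }


def recover_private_key(pub: int, table: dict[str, int]) -> int | None:
    """Given only a public key, return its private key if it is a weak one."""
    pid = table.get(fingerprint(pub))
    return None if pid is None else weak_keygen(pid)


if __name__ == "__main__":
    table = build_weak_key_table()

    # Constructed victim: a key generated by the broken generator under pid 4242.
    victim_priv = weak_keygen(4242)
    victim_pub = public_key(victim_priv)
    recovered = recover_private_key(victim_pub, table)
    print("weak key recovered:", recovered == victim_priv)

    # A properly seeded key is not in the table, so the lookup fails.
    good_pub = public_key(strong_keygen())
    print("strong key recovered:", recover_private_key(good_pub, table) is not None)
```

The point of the table is that patching the generator does nothing for keys that already exist: every key in `build_weak_key_table()` stays recoverable for as long as it is trusted anywhere, which is why the advice is to regenerate rather than merely upgrade.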

SSH and SSL cryptographic keys are routinely used for basic encryption, server security and online transactions. This security flaw is one of the most serious discovered so far in the popular open-source operating system. Many web hosting companies offer Debian and Ubuntu servers to their clients, so the number of affected keys is likely to be large.

In other Linux-related news, Fedora 9, codenamed "Sulphur," has been released. The operating system is developed by the community-supported Fedora Project and sponsored by Red Hat.
