[Pkg-openssl-devel] [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Christoph Martin
martin at uni-mainz.de
Mon May 19 11:13:46 UTC 2008
The Ubuntu openssl maintainers released an openssl-blacklist equivalent
to the openssh-blacklist package. It includes a blacklist with
compromised openssl key hashes and an openssl-vulnkey
program suitable to test your openssl key files.
I think it would be a good thing to coordinate the work between Debian
and Ubuntu and to incorporate this package into Debian main.
I am not sure how to include this into a security update and how to
make the users check all their keys. It would be nice to have at least a
warning from libssl if a compromised key is used. The most secure way would
be to disable the keys like openssh.
What do you think?
Christoph
--
============================================================================
Christoph Martin, Leiter der EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: Christoph.Martin at Verwaltung.Uni-Mainz.DE
Telefon: +49-6131-3926337
Fax: +49-6131-3922856