May 14, 2008

Critical OpenSSL vulnerability in Debian and derivative distributions

Author: JT Smith

Debian and Ubuntu have published fixed packages of the OpenSSL software and urge all users to install them to address a critical weakness in this software. Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This has serious consequences for all cryptographic material generated by the vulnerable versions of OpenSSL.

An encryption key generated this way could be easy to guess with a brute-force attack.

Only Debian, Ubuntu and their derivative distributions have reported this weakness in OpenSSL.

Please browse to get further reading about it, as well as to download fixed packages of OpenSSL.

Visit Debian and Ubuntu for updates on it and to download fixed versions of OpenSSL.


