[CentOS] OpenSSL/SSH Bug on Debian - Compromised key pairs
Ned Slider
ned at unixmail.co.uk
Wed May 14 23:40:51 UTC 2008
Clint Dilks wrote:
> Hi People,
>
> I know this may seem off topic, but I thought for those of us who might
> have Debian users generating key pairs that they put on CentOS systems
> people should be aware that
>
> everybody who generated a public/private keypair or an SSL
> cert request on Debian or Ubuntu from 2006 on is vulnerable
>
> http://it.slashdot.org/it/08/05/13/1533212.shtml
>
I've been following this story too after reading about it on SANS
Internet Storm Center:
http://isc.sans.org/diary.html?storyid=4414
I wonder how far reaching this is. One wonders if any of the trusted
root CAs have issued vulnerable certs as a result.
More information about the CentOS
mailing list