[CentOS] OpenSSL/SSH Bug on Debian - Compromised key pairs

Wed May 14 23:40:51 UTC 2008
Ned Slider <ned at unixmail.co.uk>

Clint Dilks wrote:
> Hi People,
> 
> I know this may seem off topic, but I thought for those of us who might 
> have Debian users generating key pairs that they put on CentOS systems 
> people should be aware that
> 
> everybody who generated a public/private keypair or an SSL
> cert request on Debian or Ubuntu from 2006 on is vulnerable
> 
> http://it.slashdot.org/it/08/05/13/1533212.shtml
> 

I've been following this story too after reading about it on SANS 
Internet Storm Center:

http://isc.sans.org/diary.html?storyid=4414

I wonder how far-reaching this is. One wonders if any of the trusted 
root CAs have issued vulnerable certs as a result.