[CentOS] OpenSSL/SSH Bug on Debian - Compromised key pairs

Wed May 14 23:40:51 UTC 2008
Ned Slider <ned at unixmail.co.uk>

Clint Dilks wrote:
> Hi People,
> I know this may seem off topic, but I thought for those of us who might 
> have Debian users generating key pairs that they put on CentOS systems 
> people should be aware that
> everybody who generated a public/private keypair or an SSL
> cert request on Debian or Ubuntu from 2006 on is vulnerable
> http://it.slashdot.org/it/08/05/13/1533212.shtml

I've been following this story too after reading about it on SANS 
Internet Storm Center:


I wonder how far reaching this is. One wonders if any of the trusted 
root CAs have issued vulnerable certs as a result.