[TiLUG] Bug Report

tm matteo.pasotti@gmail.com
Wed 14 May 2008 17:16:45 CEST

Hi everyone,
I don't know the first source well, I came across it by chance :)
I think the second one is a bit more reliable.

[quoting src="http://www.vitadiunsysadmin.net/"]
Luciano Bello discovered that the random number generator in Debian's
openssl package is predictable.  This is caused by an incorrect
Debian-specific change to the openssl package (CVE-2008-0166).  As a
result, cryptographic key material may be guessable."
Here is the message from the Debian mailing list
I have to say I don't agree with the nonsense the author of this blog spouts
about Debian, but it can safely be ignored, to err is human

Another quote

From the Ubuntu mailing list
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.

This vulnerability only affects operating systems which (like
Ubuntu) are based on Debian. However, other systems can be
indirectly affected if weak keys are imported into them.

We consider this an extremely serious vulnerability, and urge all
users to act immediately to secure their systems.

Matteo aka TM
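
The Ubuntu notice quoted above warns that other systems can be indirectly affected when weak keys are imported into them. The following is an added example, not part of the original message: a sketch of auditing an `authorized_keys` file against a blocklist of known-weak key fingerprints. The key blobs, the blocklist, the function names and the choice of SHA256 fingerprints are all constructed assumptions; a real audit would load the blocklist from a published list of affected keys.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # key types to look for (assumption)

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a raw public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (line_no, key_type, blob, comment) for each well-formed key line."""
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options such as command="..." may precede the key type, so locate
        # the first field that is a key type instead of assuming field 0.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        try:
            blob = base64.b64decode(fields[idx + 1], validate=True)
        except ValueError:
            continue  # malformed base64: not a usable key, skip it
        yield no, fields[idx], blob, " ".join(fields[idx + 2:])

def find_weak_keys(text, blocklist):
    """Return (line_no, key_type, fingerprint, comment) for blocklisted keys."""
    return [(no, ktype, fingerprint(blob), comment)
            for no, ktype, blob, comment in parse_authorized_keys(text)
            if fingerprint(blob) in blocklist]

def _blob(tag: bytes) -> bytes:
    """Constructed stand-in for a key blob; not a real key."""
    return b"\x00\x00\x00\x07ssh-rsa" + tag

WEAK, GOOD = _blob(b"constructed-weak"), _blob(b"constructed-good")
SAMPLE = "\n".join([  # constructed sample file
    "# constructed sample authorized_keys",
    "ssh-rsa " + base64.b64encode(GOOD).decode() + " alice@laptop",
    'no-pty,command="/bin/backup run" ssh-rsa '
    + base64.b64encode(WEAK).decode() + " backup@debian-host",
    "ssh-rsa not*base64 broken@entry",
])
BLOCKLIST = {fingerprint(WEAK)}  # constructed; stands in for a published list

if __name__ == "__main__":
    for hit in find_weak_keys(SAMPLE, BLOCKLIST):
        print("weak key on line %d (%s) %s %s" % hit)
```

Any key this flags has to be removed and replaced with one generated on a fixed system; patching the host that merely stores the imported key does not make the key itself safe.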
