Re: Debian libssl security (OpenSSH safe?)

view
thread

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Gabriel Linder <linder@...>

To: openbsd-misc <misc@...>

Subject: Re: Debian libssl security (OpenSSH safe?)

Date: Wednesday, May 14, 2008 - 3:41 am

On Tue, 13 May 2008 11:14:59 -0500
Sean Malloy <spinelli85@gmail.com> wrote:

quoted text> On Tue, May 13, 2008 at 11:37:38AM -0400, Juan Miscaro wrote:
> > I guess everyone by now has heard about the very serious libssl
> > vulnerability on Debian/Ubuntu?
> > 
> > Just making sure that the source is safe, thanks.
> > 
> > /juan
> 
> Here is a quote from the official Debian Security announcement,
> DSA-1571 http://www.debian.org/security/2008/dsa-1571.
> 
> "This is a Debian-specific vulnerability which does not affect other
> operating systems which are not based on Debian. However, other
> systems can be indirectly affected if weak keys are imported into
> them."
> 

Just wondering... If someone generates ssh keys with flags J or Z
set in malloc.conf(5), aren't these keys useless too (since feeding
predictable data is more or less equal to not feeding data at all) ?

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Debian libssl security (OpenSSH safe?), Juan Miscaro, (Tue May 13, 11:37 am)

Re: Debian libssl security (OpenSSH safe?), Sean Malloy, (Tue May 13, 12:14 pm)

Re: Debian libssl security (OpenSSH safe?), Gabriel Linder, (Wed May 14, 3:41 am)

Re: Debian libssl security (OpenSSH safe?), Otto Moerbeek, (Wed May 14, 7:22 am)

Re: Debian libssl security (OpenSSH safe?), Ted Unangst, (Wed May 14, 7:24 am)

Re: Debian libssl security (OpenSSH safe?), raven, (Wed May 14, 7:45 pm)

Re: Debian libssl security (OpenSSH safe?), Darrin Chandler, (Wed May 14, 8:22 pm)

Re: Debian libssl security (OpenSSH safe?), Ben Calvert, (Wed May 14, 8:30 pm)

Re: Debian libssl security (OpenSSH safe?), Ted Unangst, (Wed May 14, 10:22 pm)

Re: Debian libssl security (OpenSSH safe?), Darrin Chandler, (Wed May 14, 10:43 pm)

Re: Debian libssl security (OpenSSH safe?), Otto Moerbeek, (Thu May 15, 1:11 am)

Re: Debian libssl security (OpenSSH safe?), Dave Ewart, (Thu May 15, 5:02 am)

Re: Debian libssl security (OpenSSH safe?), Tim Post, (Thu May 15, 5:44 am)

Re: Debian libssl security (OpenSSH safe?), Darrin Chandler, (Thu May 15, 9:31 am)

Re: Debian libssl security (OpenSSH safe?), Tim Post, (Fri May 16, 2:51 am)

Re: Debian libssl security (OpenSSH safe?), Ted Unangst, (Wed May 14, 11:10 pm)

Re: Debian libssl security (OpenSSH safe?), Jussi Peltola, (Wed May 14, 8:53 pm)

Re: Debian libssl security (OpenSSH safe?), Douglas A. Tutty, (Thu May 15, 9:52 am)

Re: Debian libssl security (OpenSSH safe?), Marc Espie, (Tue May 13, 1:00 pm)

More details show that someone seriously fucked up in debian..., chefren, (Tue May 13, 6:48 pm)

Re: More details show that someone seriously fucked up in de..., Damien Miller, (Thu May 15, 2:05 pm)

Re: More details show that someone seriously fucked up in de..., Otto Moerbeek, (Wed May 14, 2:47 am)

Re: More details show that someone seriously fucked up in de..., Otto Moerbeek, (Wed May 14, 7:53 am)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Ingo Molnar	Re: [Announce] [patch] Modular Scheduler Core and Completely Fair Scheduler [CFS]
Jeff Garzik	Re: 2.6.20-rc6-mm3
Rafael J. Wysocki	[Bug 10629] 2.6.26-rc1-$sha1: RIP __d_lookup+0x8c/0x160
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
git:
Martin Waitz	comparing file contents in is_exact_match?
Jakub Narebski	Re: VCS comparison table
Linus Torvalds	Re: [kernel.org users] [RFD] On deprecating "git-foo" for builtins
Jakub Narebski	Re: [PATCH] Port to 12 other Platforms.
openbsd-misc:
Richard Stallman	Real men don't attack straw men
GVG GVG	ssh_exchange_identification: Connection closed by remote host
Renaud Allard	very weak bridge performance
Alex Thurlow	Router performance on OpenBSD and OpenBGPD
linux-netdev:
Eric Dumazet	[PATCH] IPV4 : Move ip route cache flush (secret_rebuild) from softirq to workqueue
Jarek Poplawski	[PATCH take2][NET] ifb: set separate lockdep classes for queue locks
KOSAKI Motohiro	[bug?] tg3: Failed to load firmware "tigon/tg3_tso.bin"
Octavian Purdila	race in skb_splice_bits?

Latest forum posts


high memory	1 day ago	Linux kernel
semaphore access speed	1 day ago	Applications and Utilities
the kernel how to power off the machine	1 day ago	Linux kernel
Easter Eggs in windows XP	1 day ago	Windows
Shared swap partition	1 day ago	Linux general
Root password	1 day ago	Linux general
Where/when DNOTIFY is used?	1 day ago	Linux kernel
How to convert Linux Kernel built-in module into a loadable module	1 day ago	Linux kernel
Linux 2.6.24 and I/O schedulers	1 day ago	Linux kernel
USB Driver -- Interrupt Polling -- A Little Help Please	1 day ago	Linux general

Show all forums...

Recent Tags

Intel Linus Torvalds -rc 2.6.27 bugs Linux quote 2.6.27-rc8 -rc8

more tags

Colocation donated by:

Online users

Syndicate