Brian May
--- Begin Message ---
- To: heimdal-discuss@sics.se
- Subject: FWD: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
- From: Jeffrey Altman <jaltman@secure-endpoints.com>
- Date: Tue, 13 May 2008 09:12:18 -0400
- Message-id: <482993B2.50204@secure-endpoints.com>
- Reply-to: heimdal-discuss@sics.se,Jeffrey Altman <jaltman@secure-endpoints.com>
I strongly advise all readers of this list that use Debian or might have users in your realm (or any realms for which cross-realm key exchange as been performed) to read: http://lists.debian.org/debian-security-announce/2008/msg00152.html This vulnerability will effect any Heimdal distribution built using any Debian package of OpenSSL version 0.9.8c-1 or higher. All long term keys that were generated with this version of OpenSSL and are not derived from a password MUST be changed. Any short term keys that are generated from a vulnerable KDC should be considered suspect. Jeffrey AltmanAttachment: smime.p7s
Description: S/MIME Cryptographic Signature
--- End Message ---