[DSA 1571-1] Heimdal

To: debian-devel@lists.debian.org
Subject: [DSA 1571-1] Heimdal
From: Brian May <bam@snoopy.debian.net>
Date: Thu, 15 May 2008 15:33:41 +1000
Message-id: <[🔎] 482BCB35.1050606@snoopy.debian.net>

Apparently, Heimdal in Debian also is affected. I am not aware of anysolution other then to manually regenerate all keys.


Brian May

--- Begin Message ---

To: heimdal-discuss@sics.se

Subject: FWD: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

From: Jeffrey Altman <jaltman@secure-endpoints.com>

Date: Tue, 13 May 2008 09:12:18 -0400

Message-id: <482993B2.50204@secure-endpoints.com>

Reply-to: heimdal-discuss@sics.se,Jeffrey Altman <jaltman@secure-endpoints.com>
I strongly advise all readers of this list that use Debian or might have
users in your realm (or any realms for which cross-realm key exchange as
been performed) to read:

http://lists.debian.org/debian-security-announce/2008/msg00152.html

This vulnerability will effect any Heimdal distribution built using any
Debian package of OpenSSL version 0.9.8c-1 or higher.

All long term keys that were generated with this version of OpenSSL
and are not derived from a password MUST be changed.

Any short term keys that are generated from a vulnerable KDC should be
considered suspect.

Jeffrey Altman
Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

--- End Message ---

Reply to:

Follow-Ups:
- Re: [DSA 1571-1] Heimdal
  - From: Guido Günther <agx@sigxcpu.org>

Prev by Date: openssh-blacklist for !Debian
Next by Date: ssl problems: gpg affected?
Previous by thread: Re: openssh-blacklist for !Debian
Next by thread: Re: [DSA 1571-1] Heimdal
Index(es):
- Date
- Thread