[mgrondona@llnl.gov: [slurm-dev] Debian OpenSSL vulnerability (CVE-2008-0166)]
Slurm-llnl users please notice this announcement on the slurm-dev
mailing list.
--
Gennaro Oliva
----- Forwarded message from "Mark A. Grondona" <mgrondona@llnl.gov> -----
From: "Mark A. Grondona" <mgrondona@llnl.gov>
Date: Fri, 16 May 2008 09:10:07 -0700
Subject: [slurm-dev] Debian OpenSSL vulnerability (CVE-2008-0166)
To: slurm-dev@lists.llnl.gov
For anyone that uses SLURM on Debian, and uses OpenSSL for job credentials,
please be aware of the recent Debian openssl vulnerability described here:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0166
Please be sure to run the latest Debian openssl packages.
Additionally, if you created slurm keys under OpenSSL 0.9.8c-1 up to
0.9.8g-9 on Debian-based operating systems, you'll need to recreate
your keys. Due to the nature of the bug introduced in Debian, your
current keys are trivially exploitable.
mark
----- End forwarded message -----
Reply to: