------------------------------------------------------------------------
Debian Security Advisory DSA-1571-1
security@debian.org http://www.debian.org/security/
Florian Weimer
May 13, 2008
http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : openssl
Vulnerability : predictable random number generator
Problem type : remote
Debian-specific: yes
CVE Id(s) : CVE-2008-0166

The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
distribution on 2006-09-17, and has since propagated to the testing
and current stable (etch) distributions. The old stable distribution
(sarge) is not affected.

Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
material for use in X.509 certificates and session keys used in
SSL/TLS connections. Keys generated with GnuPG or GNUTLS are not
affected, though.
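
A first-pass inventory for the key types listed above, as an added example that is not part of the advisory: it walks a directory, recognises key files by their format headers, and flags those last modified on or after 2006-09-17. The function names, the family labels and the use of file modification time as a stand-in for generation time are assumptions of this example; copying can preserve or reset modification times, so a "predates" verdict only lowers review priority.

```python
import datetime
import os

# Date the first vulnerable package (0.9.8c-1) reached unstable, per the advisory.
FIRST_VULNERABLE = datetime.date(2006, 9, 17)

# Format header -> key family. Family labels are this example's own and follow
# the advisory's list of affected keys; order matters (first match wins).
MARKERS = [
    ("-----BEGIN PGP", "GnuPG"),
    ("-----BEGIN OpenVPN Static key", "OpenVPN key"),
    ("Private-key-format:", "DNSSEC key"),
    ("-----BEGIN CERTIFICATE", "X.509 material"),
    ("PRIVATE KEY-----", "SSH/SSL private key"),
    ("ssh-rsa ", "SSH public key"),
    ("ssh-dss ", "SSH public key"),
]

def triage(text, mtime):
    """Return (family, verdict) for one file's text, or None if no key marker."""
    family = next((f for marker, f in MARKERS if marker in text), None)
    if family is None:
        return None
    if family == "GnuPG":
        return family, "not affected"  # stated as unaffected in the advisory
    modified = datetime.datetime.fromtimestamp(mtime, datetime.timezone.utc).date()
    if modified < FIRST_VULNERABLE:
        return family, "predates vulnerable package"
    return family, "review"

def scan(root):
    """Walk root and triage every readable regular file; returns {path: result}."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):
                continue  # skip FIFOs, sockets and dangling symlinks
            try:
                with open(path, "r", errors="replace") as fh:
                    head = fh.read(4096)
                result = triage(head, os.stat(path).st_mtime)
            except OSError:
                continue  # unreadable file: nothing to classify
            if result:
                findings[path] = result
    return findings
```

Run `scan("/etc")` or `scan` over home directories as a user able to read the key files; entries marked "review" are the ones to check first.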