Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness
Hello,
Am Mittwoch, 14. Mai 2008 schrieb Florian Weimer:
> Package : openssh
> Vulnerability : predictable random number generator
> Problem type : remote
> Debian-specific: yes
> CVE Id(s) : CVE-2008-0166
> 1. Install the security updates
>
> This update contains a dependency on the openssl update and will
> automatically install a corrected version of the libss0.9.8 package,
> and a new package openssh-blacklist.
>
> Once the update is applied, weak user keys will be automatically
> rejected where possible (though they cannot be detected in all
> cases).
It might be helpful to know, in what cases weak keys can / cannot be detected.
Keep smiling
yanosz
Reply to: