Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness
From: Jan Luehr <jluehr@gmx.net>
Date: Wed, 14 May 2008 12:17:14 +0200
Message-id: <[🔎] 200805141217.14805.jluehr@gmx.net>
In-reply-to: <87fxslxmon.fsf@mid.deneb.enyo.de>
References: <87fxslxmon.fsf@mid.deneb.enyo.de>

Hello,

Am Mittwoch, 14. Mai 2008 schrieb Florian Weimer:
> Package        : openssh
> Vulnerability  : predictable random number generator
> Problem type   : remote
> Debian-specific: yes
> CVE Id(s)      : CVE-2008-0166

> 1. Install the security updates
>
>    This update contains a dependency on the openssl update and will
>    automatically install a corrected version of the libss0.9.8 package,
>    and a new package openssh-blacklist.
>
>    Once the update is applied, weak user keys will be automatically
>    rejected where possible (though they cannot be detected in all
>    cases).  

It might be helpful to know, in what cases weak keys can / cannot be detected.

Keep smiling
yanosz

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness
  - From: CaT <cat@zip.com.au>

Prev by Date: Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness
Next by Date: AW: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness
Previous by thread: Re: AW: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness
Next by thread: Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness
Index(es):
- Date
- Thread