[64studio-devel] Major security flaw in Etch SSL packages
Daniel James
daniel at 64studio.com
Thu May 15 11:48:56 BST 2008
Hello all,
Two days ago, a major security flaw was discovered in Debian's SSL
packages:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0166
http://lists.debian.org/debian-security-announce/2008/msg00152.html
All 64 Studio users who ever use SSH to allow remote access should
update their systems against the http://security.debian.org/ repository,
unless they have already done so today.
In System Tools -> Synaptic Package Manager, go to Settings ->
Repositories. The security repository should be marked Enabled, with a
check on the left side. If you click on this line, the details of the
security repository should be shown as follows:
Binary (deb)
URI: http://security.debian.org/
Distribution: etch/updates
Section(s): main
Click OK, then the Reload button, then the Mark All Upgrades button.
Then click Apply. Several package updates will be downloaded and
Synaptic will prompt you about services that need to be restarted.
After the update, you can run the program:
$ ssh-vulnkey
to find out if you have any of the known vulnerable keys on your
machine. Even if you don't have any known vulnerable keys, you should
delete all keys on your system and generate fresh keys.
Cheers!
Daniel
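
The Synaptic check described in the message above can also be made from a shell; this is an added example, not part of the original message. It assumes the classic one-line sources.list format and the default path /etc/apt/sources.list; the function names and the sample mirror lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original message.
# has_security_repo FILE: exit 0 if FILE has an enabled binary entry for
# http://security.debian.org/ etch/updates that includes section "main".
has_security_repo() {
    awk '
        /^[ \t]*#/  { next }   # commented out: shown unchecked (disabled) in Synaptic
        $1 != "deb" { next }   # Binary (deb) entries only; deb-src does not count
        {
            uri = $2
            sub(/\/+$/, "", uri)   # tolerate a missing or extra trailing slash
            if (uri != "http://security.debian.org") next
            if ($3 != "etch/updates") next
            for (i = 4; i <= NF; i++)
                if ($i == "main") { found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample: the security line is present but commented out.
sample_disabled() {
    printf '%s\n' \
        'deb http://ftp.debian.org/debian/ etch main contrib' \
        '# deb http://security.debian.org/ etch/updates main'
}

# Constructed sample: the security line is enabled.
sample_enabled() {
    printf '%s\n' \
        'deb http://ftp.debian.org/debian/ etch main contrib' \
        'deb http://security.debian.org/ etch/updates main contrib'
}

# Report on the real file when it exists (path is the Debian default).
if [ -r /etc/apt/sources.list ]; then
    if has_security_repo /etc/apt/sources.list; then
        echo "security repository enabled"
    else
        echo "security repository missing or disabled"
    fi
fi
```

A "missing or disabled" result means the Reload and Mark All Upgrades steps will not pull the fixed packages until the entry is enabled.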