05-15-2008, 10:48 AM
Daniel James

Major security flaw in Etch SSL packages

Hello all,

Two days ago, a major security flaw was discovered in Debian's SSL
packages:

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0166
http://lists.debian.org/debian-security-announce/2008/msg00152.html

All 64 Studio users who ever use SSH to allow remote access should
update their systems against the http://security.debian.org/ repository,
unless they have already done so today.

In System Tools -> Synaptic Package Manager, go to Settings ->
Repositories. The security repository should be marked Enabled, with a
check on the left side. If you click on this line, the details of the
security repository should be shown as follows:

Binary (deb)
URI: http://security.debian.org/
Distribution: etch/updates
Section(s): main

Click OK, then the Reload button, then the Mark All Upgrades button.
Then click Apply. Several package updates will be downloaded and
Synaptic will prompt you about services that need to be restarted.

After the update, you can run the program:

$ ssh-vulnkey

to find out if you have any of the known vulnerable keys on your
machine. Even if you don't have any known vulnerable keys, you should
delete all keys on your system and generate fresh keys.

Cheers!

Daniel

_______________________________________________
64studio-users mailing list
64studio-users@64studio.com
http://lists.64studio.com/mailman/listinfo/64studio-users
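
One way to act on the ssh-vulnkey step above, added here as an example and not part of the original posts: the function reads ssh-vulnkey output, assumed to be one "status: bits fingerprint path" line per key, and lists every key file for regeneration, marking any status other than "Not blacklisted" as urgent. The second sample line (its status word, fingerprint and /home/alice path) is constructed for illustration.

```sh
#!/bin/sh
# Added example: triage ssh-vulnkey output into a key rotation list.
# Assumption: each result is one line, "<status>: <bits> <fingerprint> <path>".

# Sample input. Line 1 is the host key result quoted in this thread;
# line 2 is CONSTRUCTED (status, fingerprint and path are made up).
SAMPLE='Not blacklisted: 2048 bb:39:83:82:1b:31:77:20:8c:bd:4e:14:95:b3:13:9a /etc/ssh/ssh_host_rsa_key
COMPROMISED: 2048 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff /home/alice/.ssh/id_rsa'

# triage_vulnkey: read ssh-vulnkey output on stdin, print one line per key:
#   ROTATE <path>  status was exactly "Not blacklisted"; the advice above is
#                  to regenerate these keys anyway
#   URGENT <path>  any other status; fail closed, so an unfamiliar status
#                  is never mistaken for a clean key
triage_vulnkey() {
    while IFS= read -r line; do
        case $line in
            *": "*" "*" "*) ;;        # looks like a key result line
            *) continue ;;            # skip anything else
        esac
        status=${line%%: *}           # text before the first ": "
        rest=${line#*: }              # "<bits> <fingerprint> <path>"
        bits=${rest%% *}
        rest=${rest#* }               # "<fingerprint> <path>"
        path=${rest#* }               # path may itself contain spaces
        case $bits in
            ''|*[!0-9]*) continue ;;  # key size must be numeric
        esac
        if [ "$status" = "Not blacklisted" ]; then
            printf 'ROTATE %s\n' "$path"
        else
            printf 'URGENT %s\n' "$path"
        fi
    done
}

# Demonstration on the sample above.
# On a real system: ssh-vulnkey | triage_vulnkey
printf '%s\n' "$SAMPLE" | triage_vulnkey
```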
 
05-15-2008, 12:36 PM
Ralf Mardorf

Major security flaw in Etch SSL packages

Hi

I'm clueless but maybe not the only one.

> All 64 Studio users who ever use SSH to allow remote access

On my system SSH and SSL are already upgraded. I don't understand what
kind of remote access you mean.
I think that I don't use or allow any kind of remote access.

> $ ssh-vulnkey
>
> to find out if you have any of the known vulnerable keys on your
> machine. Even if you don't have any known vulnerable keys, you should
> delete all keys on your system and generate fresh keys.
>

spinymouse@64studio:~$ ssh-vulnkey
Not blacklisted: 2048 bb:39:83:82:1b:31:77:20:8c:bd:4e:14:95:b3:13:9a /etc/ssh/ssh_host_rsa_key
Not blacklisted: 1024 e7:a7:8c:c4:a9:56:0a:e7:b6:eb:43:5a:90:61:b3:eb /etc/ssh/ssh_host_dsa_key

I only use https for online banking etc. and openPGP for encryption as
far as I know.

Is your advice relevant for users like me?

Cheers,
Ralf
