Hello all,

Two days ago, a major security flaw was discovered in Debian's SSL
packages:

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0166
http://lists.debian.org/debian-security-announce/2008/msg00152.html

All 64 Studio users who ever use SSH to allow remote access should
update their systems against the http://security.debian.org/ repository,
unless they have already done so today.

In System Tools -> Synaptic Package Manager, go to Settings ->
Repositories. The security repository should be marked Enabled, with a
check on the left side. If you click on this line, the details of the
security repository should be shown as follows:

Binary (deb)
URI: http://security.debian.org/
Distribution: etch/updates
Section(s): main

Click OK, then the Reload button, then the Mark All Upgrades button.
Then click Apply. Several package updates will be downloaded and
Synaptic will prompt you about services that need to be restarted.

After the update, you can run the program:

$ ssh-vulnkey

to find out if you have any of the known vulnerable keys on your
machine. Even if you don't have any known vulnerable keys, you should
delete all keys on your system and generate fresh keys.

Cheers!

Daniel

_______________________________________________
64studio-users mailing list
64studio-users@64studio.com
http://lists.64studio.com/mailman/listinfo/64studio-users

Hello all,

Two days ago, a major security flaw was discovered in Debian's SSL
packages:

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0166
http://lists.debian.org/debian-security-announce/2008/msg00152.html

All 64 Studio users who ever use SSH to allow remote access should
update their systems against the http://security.debian.org/ repository,
unless they have already done so today.

In System Tools -> Synaptic Package Manager, go to Settings ->
Repositories. The security repository should be marked Enabled, with a
check on the left side. If you click on this line, the details of the
security repository should be shown as follows:

Binary (deb)
URI: http://security.debian.org/
Distribution: etch/updates
Section(s): main

Click OK, then the Reload button, then the Mark All Upgrades button.
Then click Apply. Several package updates will be downloaded and
Synaptic will prompt you about services that need to be restarted.

After the update, you can run the program:

$ ssh-vulnkey

to find out if you have any of the known vulnerable keys on your
machine. Even if you don't have any known vulnerable keys, you should
delete all keys on your system and generate fresh keys.

Cheers!

Daniel

_______________________________________________
64studio-devel mailing list
64studio-devel@64studio.com
http://lists.64studio.com/mailman/listinfo/64studio-devel

Hi

I'm clueless but maybe not the only one .

> All 64 Studio users who ever use SSH to allow remote access

On my system SSH and SSL are already upgraded. I don't understand what
kind of remote access you mean.
I think that I don't use or allow any kind of remote access.

> $ ssh-vulnkey
>
> to find out if you have any of the known vulnerable keys on your
> machine. Even if you don't have any known vulnerable keys, you should
> delete all keys on your system and generate fresh keys.
>

spinymouse@64studio:~$ ssh-vulnkey
Not blacklisted: 2048 bb:39:83:82:1b:31:77:20:8c:bd:4e:14:95:b3:13:9a
/etc/ssh/ssh_host_rsa_key
Not blacklisted: 1024 e7:a7:8c:c4:a9:56:0a:e7:b6:eb:43:5a:90:61:b3:eb
/etc/ssh/ssh_host_dsa_key

I only use https for online banking etc. and openPGP for encryption as
far as I know.

Is your advice relevant for users like me?

Cheers,
Ralf

_______________________________________________
64studio-users mailing list
64studio-users@64studio.com
http://lists.64studio.com/mailman/listinfo/64studio-users