Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Edubuntu User (http://www.linux-archive.org/edubuntu-user/)
-   -   clients locked out was OpenSSL vulnerability (http://www.linux-archive.org/edubuntu-user/88053-clients-locked-out-openssl-vulnerability.html)

john 05-14-2008 07:17 PM

clients locked out was OpenSSL vulnerability
 
On Tue, May 13, 2008 at 9:12 PM, Richard Doyle
<rdoyle@islandnetworks.com> wrote:
> There is a potentially serious vulnerability in OpenSSL which affects
> Edubuntu and other Debian-based distributions:
> http://www.ubuntu.com/usn/usn-612-1
>
> Fixes are described in http://wiki.debian.org/SSLkeys . Since SSH is a
> vital part of Edubuntu, and is affected by the vulnerability, every
> affected system should be fixed ASAP. As I understand it, the fix for
> version version 7.04 is to run the following commands:
>
> sudo rm /etc/ssh/ssh_host_*
> sudo dpkg-reconfigure openssh-server
> sudo ltsp-update-sshkeys
>

>

I ran the ssl upgrade provided via package manager on my dev-box
running Hardy and rebooted and found my thin clients locked out.
Bummer. Glad I didn't apply this against a production box.

Next I ran the commands Richard mentioned, but no joy there either. I
can log on to the box via the console but thin clients are locked out.

Anyone got a fix? Do I need to chroot to /opt/ltsp/ and rebuild the image??

Can we get an edubuntu specific fix figured out and posted to the wiki asap?


John


>
>
>
>
> --
> edubuntu-users mailing list
> edubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
>

--
edubuntu-users mailing list
edubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users


All times are GMT. The time now is 11:26 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.