Re: [gulliver] for information: security advisory on Debian
From: François <francois dot joulaud at bzh dot net>
Subject: Re: [gulliver] for information: security advisory on Debian
Date: Wed, 14 May 2008 13:23:09 +0200

On Wednesday 14 May 2008, at 13:23:09, pascal wrote:
> > > http://www.us.debian.org/security/2008/dsa-1571
> It is strongly recommended that all cryptographic key material which has
> been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
> systems is recreated from scratch.
>
> How can one know? (the generating version).
Roughly:
| Characteristics of potentially vulnerable keys:
| * generated since 2006-09-17
| * generated with etch, lenny or sid (sarge is not vulnerable)
| * generated using openssl, ssh-keygen, or 'openvpn --keygen' (GnuPG and GNUTLS are not affected)
More information at <http://wiki.debian.org/SSLkeys>, including links
to test tools for checking whether keys belong to the list of keys
that can be imitated.
Also note that:
| compromise of other keys or passwords that were transmitted over an
| encrypted link that was set up using weak keys. Note that this last
| point means that passwords transmitted over ssh to a server with a
| weak dsa server key could be compromised too;
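
The criteria quoted in the message above (generator and date) can be turned into a first-pass triage of key files on a host. This is an added example, not part of the original message or of any Debian tool; the marker list, the default directories and the function names are assumptions of the example.

```python
import os
import sys
from datetime import datetime, timezone

# Cutoff from the quoted criteria: keys "generated since 2006-09-17".
CUTOFF = datetime(2006, 9, 17, tzinfo=timezone.utc).timestamp()

# Assumed markers for material written by openssl, ssh-keygen and
# 'openvpn --keygen' (the three generators named in the message).
MARKERS = {
    b"-----BEGIN RSA PRIVATE KEY-----": "RSA private key",
    b"-----BEGIN DSA PRIVATE KEY-----": "DSA private key",
    b"-----BEGIN OpenVPN Static key V1-----": "OpenVPN static key",
    b"ssh-rsa ": "OpenSSH RSA public key",
    b"ssh-dss ": "OpenSSH DSA public key",
}

def key_kind(path):
    """Return the kind of key found in the first 4 KiB of path, or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4096)
    except OSError:
        return None
    for marker, kind in MARKERS.items():
        if marker in head:
            return kind
    return None

def triage(root):
    """Return sorted (path, kind, mtime date) for key files dated on or after CUTOFF."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, FIFOs and sockets
            kind = key_kind(path)
            mtime = os.lstat(path).st_mtime
            if kind is not None and mtime >= CUTOFF:
                day = datetime.fromtimestamp(mtime, timezone.utc).date().isoformat()
                hits.append((path, kind, day))
    return sorted(hits)

if __name__ == "__main__":
    # Default directories are an assumption; pass others as arguments.
    for root in sys.argv[1:] or ["/etc/ssh", os.path.expanduser("~/.ssh")]:
        for path, kind, day in triage(root):
            print(f"{day}  {kind:24}  {path}")
```

A file's modification time changes when it is copied or rewritten, so this only narrows the list of candidates; the test tools linked from the wiki page decide whether a key is actually on the weak list.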