
Re: [gulliver] FYI: Debian security advisory

From François <francois dot joulaud at bzh dot net>
Subject Re: [gulliver] FYI: Debian security advisory
Date Wed, 14 May 2008 13:23:09 +0200

On Wednesday 14 May 2008, at 13:23:09, pascal wrote:
> >  > http://www.us.debian.org/security/2008/dsa-1571

> It is strongly recommended that all cryptographic key material which has
> been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
> systems is recreated from scratch.
> How can one tell? (the generating version).

Roughly:
| Characteristics of potentially vulnerable keys:
|  * generated since 2006-09-17
|  * generated with etch, lenny or sid (sarge is not vulnerable)
|  * generated using openssl, ssh-keygen, or 'openvpn --keygen' (GnuPG and GNUTLS are not affected)

More information at <http://wiki.debian.org/SSLkeys>, including links
to testing tools for checking whether keys belong to the
list of keys that can be imitated.

Also note that:
| compromise of other keys or passwords that were transmitted over an
| encrypted link that was set up using weak keys. Note that this last
| point means that passwords transmitted over ssh to a server with a
| weak dsa server key could be compromised too;
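
The list check mentioned above (testing whether a key belongs to the list), as an added example that is not part of the original message nor taken from the tools linked on the wiki: it fingerprints OpenSSH public-key lines and looks each one up in a list. The list format (a set of MD5 hex digests of the decoded key blob), the sample keys and every function name are assumptions constructed for illustration.

```python
import base64
import binascii
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")

def make_pubkey_line(n, e=65537, comment="constructed-sample"):
    """Build an OpenSSH 'ssh-rsa' public-key line from integers (sample data only)."""
    def ssh_string(raw):
        return struct.pack(">I", len(raw)) + raw

    def mpint(x):
        # bit_length // 8 + 1 bytes: a zero byte leads only when the top bit is set.
        return ssh_string(x.to_bytes(x.bit_length() // 8 + 1, "big"))

    blob = ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

def md5_fingerprint(line):
    """MD5 hex digest of the decoded key blob, or None if no usable key is found."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):  # leading fields may be authorized_keys options
        if field in KEY_TYPES:
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except (binascii.Error, ValueError):
                return None
            return hashlib.md5(blob).hexdigest()
    return None

def triage(lines, blacklist):
    """Return [(fingerprint, verdict)]; verdict is 'weak', 'ok' or 'unparsed'."""
    results = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and comments
            continue
        fp = md5_fingerprint(line)
        verdict = "unparsed" if fp is None else ("weak" if fp in blacklist else "ok")
        results.append((fp, verdict))
    return results

if __name__ == "__main__":
    listed = make_pubkey_line(0xC0FFEE0123456789ABCDEF)    # constructed, not a real key
    other = make_pubkey_line(0xDEADBEEF0123456789ABCDEF)   # constructed, not a real key
    blacklist = {md5_fingerprint(listed)}                  # constructed stand-in for the list
    for fp, verdict in triage([listed, "no-pty " + other, "ssh-rsa !!!"], blacklist):
        print(fp, verdict)
```

Any key reported as `weak` has to be regenerated and replaced wherever its public half was installed; `unparsed` lines need a manual look rather than being treated as safe.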