Cryptographic weakness on Debian systems

Posted May 13, 2008 14:04 UTC (Tue) by noahm (subscriber, #40155)
In reply to: Cryptographic weakness on Debian systems by rvfh
Parent article: Cryptographic weakness on Debian systems

Yes, all Debian-derived systems are also vulnerable.  Debian has coordinated with Ubuntu and
other distros on the details of the bug.  If they haven't already fixed it, expect the
derivatives to release updates soon.

noah


Cryptographic weakness on Debian systems

Posted May 13, 2008 19:48 UTC (Tue) by KingKevbo (guest, #10975) [Link]

I'm not seeing any updates to SSH packages in Debian yet. (I've already applied SSH updates to
my Ubuntu desktop.)  Are they still working on the packages for Debian?

Cryptographic weakness on Debian systems

Posted May 13, 2008 19:52 UTC (Tue) by nix (subscriber, #2304) [Link]

The update is to libssl, not openssh, and it's hit testing.

Cryptographic weakness on Debian systems

Posted May 14, 2008 0:42 UTC (Wed) by nix (subscriber, #2304) [Link]

Oops, sorry, there *is* an openssh update as well, in Ubuntu at least.

Cryptographic weakness on Debian systems

Posted May 13, 2008 22:02 UTC (Tue) by maxb (guest, #52055) [Link]

The updated SSH packages in Ubuntu were derived from updates in Debian, but Ubuntu has
published them as a security update, whereas the Debian packages are currently sitting in
incoming.

Cryptographic weakness on Debian systems

Posted May 14, 2008 0:14 UTC (Wed) by cjwatson (subscriber, #7322) [Link]

I worked on the openssh side of the update for both Debian and Ubuntu (largely on Canonical
time, but dealing with openssh in Debian as well). Unfortunately I only managed to get the
openssh update into the upload queue after the Debian system administration team locked down
SSH access in various places, which it transpired also knocked out the ability to publish
further updates for a while ... with any luck this will be sorted out soon.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds