Mailinglist Archive: opensuse-security (10 mails)

[opensuse-security] Update to blacklist keys generated on debian?
  • From: "Benji Weber" <benji@xxxxxxxxxxxx>
  • Date: Thu, 15 May 2008 14:54:47 +0100
  • Message-id: <d6b310ce0805150654x162e63fye5a5197909d42afb@xxxxxxxxxxxxxx>
Greetings,

Will we get an online update to blacklist the keys generated on Debian
prior to their recent OpenSSL update[0]?

As lots of people use Debian and derivatives such as Ubuntu, I expect
that quite a number of people will be using keys generated on these to
connect to SUSE servers. Therefore, unless the weak keys are
blacklisted on the SUSE servers, the servers are made vulnerable by
this exploit. Since the exploit is so public, presumably it would be
prudent to push out an online update that blacklists the keys that
would make people's machines vulnerable?

Apologies if I have missed the update; I can't see it in the released
updates or publictest.

[0] http://lists.debian.org/debian-security-announce/2008/msg00152.html

--
Benjamin Weber