Major security flaw in Etch SSL packages

Two days ago, a major security flaw was discovered in Debian's SSL packages:

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0166
http://lists.debian.org/debian-security-announce/2008/msg00152.html

All 64 Studio users who ever use SSH to allow remote access should update their systems against the http://security.debian.org/ repository, unless they have already done so today.

In System Tools -> Synaptic Package Manager, go to Settings -> Repositories. The security repository should be marked Enabled, with a check on the left side. If you click on this line, the details of the security repository should be shown as follows:

Binary (deb)
URI: http://security.debian.org/
Distribution: etch/updates
Section(s): main

Click OK, then the Reload button, then the Mark All Upgrades button. Then click Apply. Several package updates will be downloaded and Synaptic will prompt you about services that need to be restarted.

After the update, you can run the program:

$ ssh-vulnkey

to find out if you have any of the known vulnerable keys on your machine. Even if you don't have any known vulnerable keys, you should delete all keys on your system and generate fresh keys.

By Daniel at 05/15/2008 - 11:01
Login or register to post comments

Search this site:

In the forums:

Today's poll:

What format would you prefer for downloading 64 Studio? (Register or log in to vote)

DVD install image

39%

DVD live image with install option

42%

I don't have a DVD burner so I have to use CD-R

14%

I installed version 0.1 and only used apt since :-)

Total votes: 157

OEM & Custom:

Users:

Developers:

Communication:

Endorsements:

Advertisements:

User login