Comments on: Fix for OpenSSL/SSH/VPN Vulnerability in Ubuntu 7.04/7.10/8.04 http://www.ubuntugeek.com/fix-for-opensslsshvpn-vulnerability-in-ubuntu-704710804.html Ubuntu Linux Tips,Howtos&Tutorials|Edgy,Feisty,Gutsy,Hardy,Intrepid Mon, 06 Oct 2008 16:24:49 +0000 http://wordpress.org/?v=2.5.1 By: johnd http://www.ubuntugeek.com/fix-for-opensslsshvpn-vulnerability-in-ubuntu-704710804.html#comment-102020 johnd Fri, 16 May 2008 00:29:37 +0000 http://www.ubuntugeek.com/?p=509#comment-102020 @4 (Lolwhites): you do need to upgrade ssl-cert to fix the security leak, but there are more packages. See the corresponding security notice (it contains a list of related packages): http://www.ubuntu.com/usn/usn-612-1 @4 (Lolwhites): you do need to upgrade ssl-cert to fix the security leak, but there are more packages. See the corresponding security notice (it contains a list of related packages):

http://www.ubuntu.com/usn/usn-612-1

]]> By: lolwhites http://www.ubuntugeek.com/fix-for-opensslsshvpn-vulnerability-in-ubuntu-704710804.html#comment-101263 lolwhites Wed, 14 May 2008 16:01:04 +0000 http://www.ubuntugeek.com/?p=509#comment-101263 I updated today with aptitude and one of the packages installed was <i>[UPGRADE] ssl-cert 1.0.14-0ubuntu2 -> 1.0.14-0ubuntu2.1</i> Was this the security flaw being fixed? I updated today with aptitude and one of the packages installed was [UPGRADE] ssl-cert 1.0.14-0ubuntu2 -> 1.0.14-0ubuntu2.1

Was this the security flaw being fixed?

]]> By: admin http://www.ubuntugeek.com/fix-for-opensslsshvpn-vulnerability-in-ubuntu-704710804.html#comment-101093 admin Wed, 14 May 2008 09:49:32 +0000 http://www.ubuntugeek.com/?p=509#comment-101093 @johnd - thank for your comments really helpful for users @johnd - thank for your comments really helpful for users

]]> By: johnd http://www.ubuntugeek.com/fix-for-opensslsshvpn-vulnerability-in-ubuntu-704710804.html#comment-101090 johnd Wed, 14 May 2008 09:43:36 +0000 http://www.ubuntugeek.com/?p=509#comment-101090 Actually, openvpn-vulnkey instructions are here: http://www.ubuntu.com/usn/usn-612-3 Actually, openvpn-vulnkey instructions are here:

http://www.ubuntu.com/usn/usn-612-3

]]> By: johnd http://www.ubuntugeek.com/fix-for-opensslsshvpn-vulnerability-in-ubuntu-704710804.html#comment-101089 johnd Wed, 14 May 2008 09:42:27 +0000 http://www.ubuntugeek.com/?p=509#comment-101089 I believe Ubuntu provides its own set of tools for checking for vulnerable keys: ssh-vulnkey and openvpn-vulnkey. I suppose it's functionally equivalent to Debian's Perl script, but since the Ubuntu copies are already being shipped with the updated, patched packages, one could recommend to prefer these. Usage instructions are covered in the security notice link above as provided by Ubuntu Geek in this article. I believe Ubuntu provides its own set of tools for checking for vulnerable keys: ssh-vulnkey and openvpn-vulnkey. I suppose it’s functionally equivalent to Debian’s Perl script, but since the Ubuntu copies are already being shipped with the updated, patched packages, one could recommend to prefer these.

Usage instructions are covered in the security notice link above as provided by Ubuntu Geek in this article.

]]>