[ic] Off Topic: Debian OpenSSL vulnerability (affects all debian derivatives such as Ubuntu as well)

Peter peter at pajamian.dhs.org
Tue May 13 20:52:41 UTC 2008

This is off topic for IC, but it is important enough that I feel it 
necessary to spread the word about this one.  Basically there is a 
vulnerability in the random number generator used in OpenSSL in Debian 
and Debian-based Linux distributions.  If you have generated a key 
either for SSH or SSL or used an SSL key for cryptographic signing on 
one of these systems in the past year or two you need to (1) update your 
systems to the latest version of OpenSSL, (2) generate new keys and (3) 
re-encrypt any encrypted documents you may have.

Relevant links:


More information about the interchange-users mailing list