Changes between Version 2 and Version 3 of openssl_vulnerability_2008-05


Ignore:
Timestamp:
May 14, 2008, 5:53:06 PM (17 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • openssl_vulnerability_2008-05

    v2 v3  
    11= OpenSSL Vulnerability Discovered =
    22
    3 A security problem was discovered this week affecting May First/People Link servers.
     3'''Header only for email section'''
     4
     5Dear May First/People Link members,
     6
     7We are sending this message to all members due to an unusual security problem.
     8
     9'''End of Header for email section'''
     10
     11This week, a security problem was discovered in the Debian operating system that affects May First/People Link servers.
    412
    513We are in the process of updating all of servers to ensure that are not vulnerable. As a result of our updates, some users may experience error messages that you did not see before.
     
    917The ''only'' members who will be affected are members that:
    1018
    11  * Use [wiki:sftp Secure FTP] or [wiki:secure_shell secure shell (ssh)] to connect to our servers
     19 * Use [wiki:sftp Secure FTP] or [wiki:secure_shell secure shell (ssh)] to connect to either `malcolm.mayfirst.org` or `mandela.mayfirst.org` (`viewsic.mayfirst.org` and `chavez.mayfirst.org` are not affected).
    1220 * Use our offsite backup system
    1321
    1422== Secure Shell/Secure FTP users ==
    1523
    16 If you use Secure FTP or secure shell, you will get a message indicating that the host key has changed. Please see our [wiki:ssl_host_key_changed host key changed] help file to avoid getting that message in the future.
     24If you use Secure FTP or secure shell, you will get a message indicating that the host key has changed along the lines of:
     25
     26WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
     27
     28Please see our [wiki:ssl_host_key_changed host key changed] help file to avoid getting that message in the future.
    1729
    1830If you are using our offsite backup system - you will also get the [wiki:ssl_host_key_changed host key changed error] - but it will happen during your automated backup process, causing your automated backup to fail until you follow the directions and import the proper new host key.
     
    2032== More Information ==
    2133
     34Host keys are random bits of text that are unique to every server. The randomness of the keys allows us to have a secure, encrypted connection between you and the server. Due to a bug in the software used to generate our host keys, they were not generated in a way that was random enough. In other words, the range of bits used to create the keys was limited to a guessable number. To fix the problem, we had to re-generated all the affected keys.
     35
    2236Please see the [http://wiki.debian.org/SSLkeys Debian wiki page] for a full explanation of the security problem.