Changes between Version 5 and Version 6 of openssl_vulnerability_2008-05


Timestamp: May 14, 2008, 3:46:45 PM (12 years ago)
Author: alfredo
Comment: --

  • openssl_vulnerability_2008-05

    v5 v6  
    1111''End of Header for email section''
    1212
    13 This week, a security problem was discovered in the Debian operating system that affects May First/People Link servers.
     13This week, a security problem was discovered in the Debian operating system used by May First/People Link servers and announced within the Debian community (which is world-wide). This problem creates a "vulnerability", a potential "hold" in the server's security system which can be exploited by someone to get into the system and do damage or get information from it.
    1414
    15 We are in the process of updating all of servers to ensure that are not vulnerable. As a result of our updates, some users may experience error messages that you did not see before.
     15No one has done this to us yet and we are in the process of updating all of servers to ensure that they are not vulnerable. As a result of these updates, some users may experience error messages that you did not see before.
    1616
    1717== Who is affected? ==
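Review bot: In the added v6 line 13, 'a potential "hold" in the server's security system' should read "hole". In v6 line 15, "updating all of servers" is carried over from v5 and still lacks "our", and the sentence shifts from "some users" to "you"; suggest "updating all of our servers" and "error messages that they have not seen before". "No one has done this to us yet" is stated as a certainty; "we have no indication that anyone has done this to us" would be safer wording for a notice like this.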
     
    2020
    2121 * Use [wiki:sftp Secure FTP] or [wiki:secure_shell secure shell (ssh)] to connect to either `malcolm.mayfirst.org` or `mandela.mayfirst.org` (`viewsic.mayfirst.org` and `chavez.mayfirst.org` are not affected).
     22
    2223 * Use our offsite backup system
    2324
     
    3233If you are using our offsite backup system - you will also get the [wiki:ssl_host_key_changed host key changed error] - but it will happen during your automated backup process, causing your automated backup to fail until you follow the directions and import the proper new host key.
    3334
     35Keep in mind that this does not affect your information or any of the functionality you have on our servers. We have not been compromised. We're just in touch because you may see this message and become concerned.
     36
    3437== More Information ==
    3538
    36 Host keys are random bits of text that are unique to every server. The randomness of the keys allows us to have a secure, encrypted connection between you and the server. Due to a bug in the software used to generate our host keys, they were not generated in a way that was random enough. In other words, the range of bits used to create the keys was limited to a guessable number. To fix the problem, we had to re-generated all the affected keys.
     39Host keys are random bits of text that are unique to every server. The randomness of the keys allows us to have a secure, encrypted connection between you and the server. Due to a bug in the software used to generate our host keys, they were not generated in a way that was random enough: the range of bits used to create the keys was limited to a guessable number. This means that, with the proper program and lots of time, a hacker could "guess" the key. Not likely but possible and possible is good enough for us. To fix the problem, we had to re-generate all the affected keys and that's what's causing that error.
    3740
    3841Please see the [http://wiki.debian.org/SSLkeys Debian wiki page] for a full explanation of the security problem.
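Review bot: The paragraph added at v6 line 35 tells readers not to be concerned by the host key changed message, but that is the same warning a client shows when something is impersonating the server, so the reassurance should point back to the [wiki:ssl_host_key_changed host key changed error] directions and ask readers to confirm the new key against them rather than simply accept it. In v6 line 39, "lots of time ... Not likely but possible" sits awkwardly beside "limited to a guessable number" in the same sentence; suggest dropping the likelihood estimate and letting the linked Debian wiki page carry the detail. "possible and possible is good enough for us" also needs a comma after the first "possible".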