wiki:openssl_vulnerability_2008-05

Version 2 (modified by Jamie McClelland, 12 years ago) (diff)

--

OpenSSL Vulnerability Discovered

A security problem was discovered this week affecting May First/People Link servers.

We are in the process of updating all of servers to ensure that are not vulnerable. As a result of our updates, some users may experience error messages that you did not see before.

Who is affected?

The only members who will be affected are members that:

Secure Shell/Secure FTP users

If you use Secure FTP or secure shell, you will get a message indicating that the host key has changed. Please see our host key changed help file to avoid getting that message in the future.

If you are using our offsite backup system - you will also get the host key changed error - but it will happen during your automated backup process, causing your automated backup to fail until you follow the directions and import the proper new host key.

More Information

Please see the Debian wiki page for a full explanation of the security problem.