OpenSSL bug found in Debian Linux: related news
A severe vulnerability was found in the random number generator (RNG) of the Debian OpenSSL package, starting with version 0.9.8c-1 (and similar packages in derived distributions such as Ubuntu). While this bug is not present in the OpenSSL packages provided by CentOS, it may still affect CentOS users. The bug prevented the OpenSSL random number generator from gathering the entropy required for generating unpredictable keys. In fact, it appears that the only source of entropy was the process ID of the process generating a key, which is chosen from a very small range and is predictable. As such, all keys generated using the Debian OpenSSL library should be considered compromised. Programs that use OpenSSL include OpenSSH and OpenVPN. Note that GnuPG and GNU TLS do not use OpenSSL, so they are not affected.
in Computer Security
via LWN @ 20:40 17th May
- Related
SecurityBob writes "Debian package maintainers tend to very often modify the source code of the package they are maintaining so that it better fits into the distribution itself. However, most of the time, their changes are not sent back to upstream for validation, which might cause some tension between upstream developers and Debian packagers. Today, a critical security advisory has been released: a Debian packager modified the source code of OpenSSL back in 2006 so as to remove the seeding of OpenSSL random number generator, which in turn makes cryptographic key material generated on a Debian system guessable. The solution? Upgrade OpenSSL and re-generate all your SSH and SSL keys. This problem not only affects Debian, but also all its derivatives, such as Ubuntu."
in Web Developer
via Slashdot @ 14:42 13th May
- Related
DEBIAN LINUX got a bit of a black eye Tuesday with the announcement that a nasty cryptographic vulnerability exists in its version of the OpenSSL package.
in Developer
via TheInquirer.net @ 11:29 14th May
- Related
A major security hole was discovered in the pseudo-random number generator (PRNG) of the Debian version of OpenSSL. OpenSSL is one of the most widely used cryptographic software packages; it allows the creation of secure network connections with the protocols called SSL and TLS. It is included in many popular computer programs, like the Mozilla Firefox web browser and the Apache web server. Debian is one of the most used GNU/Linux distributions, on which other distributions, like Ubuntu and Knoppix, are based. The problem affects all the Debian-based distributions that were used to create cryptographic keys since September 17, 2006. The bug was discovered by Luciano Bello, an Argentine Debian package maintainer, and was announced on May 13, 2008.
in Linux
via Wikinews @ 8:45 21st May
- Related
Egan Orion, the Inquirer, Wednesday 14 May 2008, 13:24:00. Cryptographic insecurity: DEBIAN LINUX got a bit of a black eye Tuesday with the announcement that a nasty cryptographic vulnerability exists in its version of the OpenSSL package.
in Computer Security
via Addict3d.org @ 13:53 14th May
- Related
Linux desktop news, tips and how-tos for value-added resellers (VARs), solution providers, consultants and systems integrators helping customers select, install and manage Linux desktops. You'll find expert advice, best practices and tutorials to help you manage and support Linux desktops, including information on choosing Linux distributions and platforms, offering Linux desktop support services, configuring Linux desktops, migrating to Linux, the advantages of Linux for the desktop and more open source considerations and channel opportunities around the Linux desktop.
in Developer
via SearchSystemsChannel.com @ 1:33 3rd Jul
- Related
We, the undersigned Linux kernel developers, consider any closed-source Linux kernel module or driver to be harmful and undesirable. We have repeatedly found them to be detrimental to Linux users, businesses, and the greater Linux ecosystem. Such modules negate the openness, stability, flexibility, and maintainability of the Linux development model and shut their users off from the expertise of the Linux community. Vendors that provide closed-source kernel modules force their customers to give up key Linux advantages or choose new vendors. Therefore, in order to take full advantage of the cost savings and shared support benefits open source has to offer, we urge vendors to adopt a policy of supporting their customers on Linux with open-source kernel code.
in Developer
via OSDir.com @ 17:32 24th Jun
- Related
A bug found in Debian Linux, from which the popular Linux version Ubuntu is derived, puts at risk a number of cryptographic keys generated on Debian systems between September 2006 and May 13, 2008, according to security researcher H.D. Moore. The keys placed at risk include the type typically used to protect e-commerce transactions. The bug resulted from the deletion of a section of code that was responsible for providing the random numbers that are the foundation of the keys. As a consequence, keys generated could be vulnerable to attackers.
in Open Source
via Technology Review @ 20:23 16th May
- Related
Avnet Inc. has released its Xilinx MicroBlaze Processor Linux DVD, MicroBlaze Processor Linux Starter Kit and the launch of the Linux for MicroBlaze Processor SpeedWay Design Workshop. The stand-alone Linux for MicroBlaze Processor DVD is based on both PetaLogix Petalinux and LynuxWork’s BlueCAT Linux distribution and tool chains. The DVD demonstrates how to port Linux into a Field Programmable Gate Array (FPGA) design using the 32-bit Xilinx MicroBlaze processor. It also highlights the benefits and tradeoffs when using the Memory Management Unit (MMU) in the MicroBlaze processor. The MMU enables designers to use commercial-grade operating systems when implementing their embedded designs with Xilinx FPGAs. The MicroBlaze Processor Linux Starter Kit includes the Linux for MicroBlaze Processor DVD, the Xilinx Embedded Development Kit - Spar
in Linux
via ECN Asia @ 12:50 20th May
- Related
Salmonella bacteria found in garden birds are sensitive to antibiotics
in Biological Science
via News-Medical.Net @ 0:43 3rd Jun
- Related
Michael writes "Back in September AMD had announced a new ATI Linux driver as well as opening up their GPU specifications, and today they have taken an additional step to better support the Linux OS. With the just-announced Radeon HD 4850 RV770 they have provided same-day Linux support, and the Linux driver is now shipping alongside the Windows driver on their product CDs. In addition, they are encouraging their AIB partners to showcase Tux on the product packaging as a sign of Linux support. Last but certainly not least, AMD is committed from top-to-bottom product support on Linux and they will be introducing high-end features in their Linux driver such as MultiGPU CrossFire technology. Phoronix has a run-down on AMD's evolutionary leap in Linux support along with information on the open-source support for the RV770 GPU.
in Web Developer
via Slashdot @ 8:19 20th Jun
- Related
"We, the undersigned Linux kernel developers, consider any closed-source Linux kernel module or driver to be harmful and undesirable. We have repeatedly found them to be detrimental to Linux users, businesses, and the greater Linux ecosystem. Such modules negate the openness, stability, flexibility, and maintainability of the Linux development model and shut their users off from the expertise of the Linux community. Vendors that provide closed-source kernel modules force their customers to give up key Linux advantages or choose new vendors. Therefore, in order to take full advantage of the cost savings and shared support benefits open source has to offer, we urge vendors to adopt a policy of supporting their customers on Linux with open-source kernel code.
in Developer
via Linux Today @ 7:33 5th Jul
- Related
SALT LAKE CITY --(Business Wire)-- Organizations relying on encryption within their most mission-critical business systems must take steps to ensure they can address vulnerabilities like the recently reported Debian Linux flaw when, not if, they happen again, according to Venafi, inventor of systems management for encryption. Such preparations should include automating the management of encryption certificates and keys, to enable rapid identification and replacement. A guide outlining specifically how organizations can address issues and vulnerabilities like the Debian vulnerability using the Venafi encryption management platform and help from a team of expert consultants at Venafi, is available at www.venafi.com/disaster_recovery/linux-debian-openssl-vulnerability.
in Developer
via TMC Net @ 3:40 23rd May
- Related
SALT LAKE CITY (Business Wire) -- Organizations relying on encryption within their most mission-critical business systems must take steps to ensure they can address vulnerabilities like the recently reported Debian Linux flaw when, not if, they happen again, according to Venafi, inventor of systems management for encryption. Such preparations should include automating the management of encryption certificates and keys, to enable rapid identification and replacement. A guide outlining specifically how organizations can address issues and vulnerabilities like the Debian vulnerability using the Venafi encryption management platform and help from a team of expert consultants at Venafi, is available at www.venafi.com/disaster_recovery/linux-debian-openssl-vulnerability.
in Linux
via Globe Investor @ 0:26 23rd May
- Related
SALT LAKE CITY--(BUSINESS WIRE)--May 23, 2008--Organizations relying on encryption within their most mission-critical business systems must take steps to ensure they can address vulnerabilities like the recently reported Debian Linux flaw when–not if–they happen again, according to Venafi, inventor of systems management for encryption. Such preparations should include automating the management of encryption certificates and keys, to enable rapid identification and replacement. A guide outlining specifically how organizations can address issues and vulnerabilities like the Debian vulnerability using the Venafi encryption management platform and help from a team of expert consultants at Venafi, is available at www.venafi.com/disaster-recovery/linux-debian-openssl-vulnerability.
in Open Source
via Macro World Investor @ 2:52 23rd May
- Related
Debian Security Advisory DSA-1592-1 security@debian.org http://www.debian.org/security/ dann frazier Jun 09, 2008 http://www.debian.org/security/faq ---------------------------------------------------------------------- Package : linux-2.6 Vulnerability : heap overflow Problem type : local/remote Debian-specific: no CVE Id(s) : CVE-2008-1673 CVE-2008-2358 Two vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1673 Wei Wang from McAfee reported a potential heap overflow in the ASN.
in Open Source
via OSZine @ 12:19 11th Jun
- Related
Debian Security Advisory DSA-1592-2 security@debian.org http://www.debian.org/security/ dann frazier Jun 09, 2008 http://www.debian.org/security/faq ---------------------------------------------------------------------- Package : linux-2.6 Vulnerability : heap overflow Problem type : local/remote Debian-specific: no CVE Id(s) : CVE-2008-1673 CVE-2008-2358 Two vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1673 Wei Wang from McAfee reported a potential heap overflow in the ASN.1 decode code that is used by the SNMP NAT and CIFS subsystem.
in Open Source
via OSZine @ 12:20 11th Jun
- Related
MontaVista® Software, Inc., the leader in embedded Linux® commercialization, announced that its Linux Carrier Grade Edition (CGE) 5.0 has registered compliance with the Linux Foundation's Carrier Grade Linux (CGL) 4.0 specification, has earned Linux Standard Base (LSB) 3.0 certification, and is Internet Protocol version 6 (IPv6) logo certified. This achievement makes MontaVista the only Linux distribution in the world to comply with the three key requirements issued by the industry's major standards bodies, demonstrating that MontaVista Linux CGE interoperates with industry software and hardware, and meets the rigorous demands of today's carrier infrastructures.
in Developer
via EDA Geek @ 21:08 15th Jul
- Related
"The use of Linux is no longer the sole preserve of IT administrators and tech-savvy computer users. Linux can now easily be incorporated into your environment without even having to go through the hassle of re-partitioning a disk. My previous article on VMWare illustrates that Linux is now pretty much a tool for everyone to use. However, one argument often made against the use of Linux is the difficulty of managing it. For instance, can you easily store and retrieve files on a Linux machine? Also, what about the problem of just interacting with and running the Linux machine? Isn't keeping up to date with Linux security patches a big problem? These are all good questions that I answer in the remainder of this article.
in Linux
via Linux Today @ 16:25 24th May
- Related
SANTA CLARA, Calif. — July 15, 2008 — MontaVista® Software, Inc., the leader in embedded Linux® commercialization, today announced that its Linux Carrier Grade Edition (CGE) 5.0 has registered compliance with the Linux Foundation's Carrier Grade Linux (CGL) 4.0 specification, has earned Linux Standard Base (LSB) 3.0 certification, and is Internet Protocol version 6 (IPv6) logo certified. This achievement makes MontaVista the only Linux distribution in the world to comply with the three key requirements issued by the industry's major standards bodies, demonstrating that MontaVista Linux CGE interoperates with industry software and hardware, and meets the rigorous demands of today's carrier infrastructures.
in Developer
via Embedded Computing Design @ 18:09 18th Jul
- Related
SANTA CLARA, Calif.--(BUSINESS WIRE)--July 15, 2008--MontaVista® Software, Inc., the leader in embedded Linux® commercialization, today announced that its Linux Carrier Grade Edition (CGE) 5.0 has registered compliance with the Linux Foundation’s Carrier Grade Linux (CGL) 4.0 specification, has earned Linux Standard Base (LSB) 3.0 certification, and is Internet Protocol version 6 (IPv6) logo certified. This achievement makes MontaVista the only Linux distribution in the world to comply with the three key requirements issued by the industry’s major standards bodies, demonstrating that MontaVista Linux CGE interoperates with industry software and hardware, and meets the rigorous demands of today’s carrier infrastructures.
in Developer
via Macro World Investor @ 12:25 15th Jul
- Related
Continuing its efforts to advance customer adoption of Linux, HP has announced the contribution of its Tru64 UNIX Advanced File System (AdvFS) source code to the open source community. The AdvFS source code includes capabilities that increase uptime, enhance security and help ensure maximum performance of Linux file systems. HP will contribute the code as a reference implementation of an enterprise Linux file system under the terms of General Public License Version 2 for compatibility with the Linux kernel, as well as provide design documentation, test suites and engineering resources. The source code serves as a rich technology base to advance ongoing development of Linux by providing a comprehensive foundation for Linux kernel developers to leverage and improve Linux file system functionality.
in Linux
via Channel Line @ 7:35 28th Jun
- Related
The Linux Foundation is now a year old. Formed by the 2007 merger of Open Source Development Labs and the Free Standards Group and home to Linux's creator Linus Torvalds, the Foundation promotes the use of Linux through support for kernel development; the development of common definitions, standards and best practices; and resolution of legal issues. At Red Hat Summit, SearchEnterpriseLinux.com got a chance to speak with Jim Zemlin, the executive director of the Linux Foundation, in Boston and got the latest on all things Linux. Here's what he had to say.
in Linux
via SearchEnterpriseLinux.com @ 9:09 4th Jul
- Related
Ten days ago, a Debian Security Advisory (DSA-1571-1) was released that detailed a flaw in the OpenSSL cryptographic libraries that affects both Debian and other Linux distributions derived from Debian.
in Developer
via Dark Reading @ 0:00 24th May
- Related
Well-known security researcher H. D. Moore, creator of the Metasploit Project, has posted his findings on the recently discovered Debian-packaged OpenSSL bug. Moore documents the cause of the bug and explains how easily attackers can create every possible key the flawed OpenSSL implementation can generate.
in Linux
via Linux.com @ 15:12 16th May
- Related