[nSLUG] debian/ubuntu ssl security (CVE-2008-0166)

George N. White III gnwiii at gmail.com
Mon May 19 14:38:43 ADT 2008


"Luciano Bello discovered that the random number generator in Debian's
openssl package is predictable. This is caused by an incorrect
Debian-specific change to the openssl package (CVE-2008-0166). As a
result, cryptographic key material may be guessable."

Debian Wiki: <http://wiki.debian.org/SSLkeys>

"A discussion of why this change was made can be found at #363516 and
also on the openssl-dev list. Judging from the discussion there, the
main culprit seems to be a misunderstanding about which is the right
list to ask this question on, followed by misleading answers from the

George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia

More information about the nSLUG mailing list