[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Tue, 2008-05-13 at 18:29 +0100, Rob Beard wrote: > Hi folks, > > This has just popped up on the Ubuntu-UK mailing list in the last 15 > minutes. Looks to be fairly important if you're running Ubuntu 7.04, > 7.10 or 8.04 (or it's derivatives). All SSH keys generated on a Debian system *or any derivative of Debian, including all Ubuntu flavours* after 2006-09-17 needs to be considered compromised as of today. Various projects have various methods of updating the key access methods so lots of various development tasks will suffer delays and interruptions. FTR, my own keys were created 2006-04-30. Phew! Ubuntu has a new package already but I'm waiting for the fix in Debian - which will propagate into Ubuntu too. No GnuPG keys are affected - this is specific ONLY to SSH. I suspect this will cause an appreciable delay to the release of Lenny. -- Neil Williams <linux@xxxxxxxxxxxxxx>
Attachment:
signature.asc
Description: This is a digitally signed message part
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html