Friday, May 16, 2008

Debian weak SSL key vulnerability - if you're on Debian, upgrade NOW

My webserver for my non-Blogger sites is an ancient Dell laptop running Debian. I learned of a vulnerability in Debian's SSH keys that could result in my server getting hacked easily, and just updated the packages in question.

For more details, see the SSLkeys page over at the Debian wiki.

The upgraded packages DID detect that my server was vulnerable, so I'm very happy to have done this upgrade. It took about 2 minutes to run, and so far, no operations seem to have been affected. Basically, your SSH keys are checked against a list of known-bad ones, and regenerated if they're easily broken.

(As a side note, this shuts off your apache and apache2 modules, which you will need to reactivate with a quick edit to /etc/default/apache2).
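The known-bad-key check described above can be reproduced by hand for any `authorized_keys` file. The sketch below is an added example, not code from the Debian packages: the key lines and the blacklist are constructed, and it assumes the blacklist stores the last 20 hex digits of each weak key's MD5 fingerprint.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")
SUFFIX_LEN = 20  # assumption: blacklist entries are the last 20 hex digits of the MD5 fingerprint

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

def constructed_key_line(seed, comment):
    """Well-formed ssh-rsa line derived from a hash: a constructed sample, not a usable key."""
    modulus = b"\x00" + hashlib.sha256(seed).digest() * 8
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(modulus)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

def md5_fingerprint(key_line):
    """Hex MD5 of the public-key blob in an OpenSSH public key or authorized_keys line."""
    fields = key_line.split()
    for i, field in enumerate(fields[:-1]):  # leading fields may be key options
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            (name_len,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + name_len].decode() != field:
                raise ValueError("declared key type does not match the blob")
            return hashlib.md5(blob).hexdigest()
    raise ValueError("no supported public key found")

def audit(lines, blacklist):
    """Return (line number, status) for every key line; status is WEAK, ok or unparseable."""
    results = []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            suffix = md5_fingerprint(line)[-SUFFIX_LEN:]
        except (ValueError, struct.error):
            results.append((lineno, "unparseable"))  # review these by hand
            continue
        results.append((lineno, "WEAK" if suffix in blacklist else "ok"))
    return results

# Constructed sample data: one key is deliberately listed in the blacklist.
WEAK_LINE = constructed_key_line(b"constructed-weak", "old-laptop")
GOOD_LINE = constructed_key_line(b"constructed-good", "new-key")
BLACKLIST = {md5_fingerprint(WEAK_LINE)[-SUFFIX_LEN:]}
SAMPLE = ["# constructed authorized_keys", 'from="10.0.0.1" ' + WEAK_LINE,
          GOOD_LINE, "ssh-rsa not*base64 broken"]

if __name__ == "__main__":
    for lineno, status in audit(SAMPLE, BLACKLIST):
        print("line %d: %s" % (lineno, status))
```

Any key reported as WEAK has to be removed from `authorized_keys` and replaced with one generated after the upgrade; regenerating only the host keys does not cover user keys.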

