Clint Dilks wrote:
Hi People,
I know this may seem off topic, but I thought for those of us who might
have Debian users generating key pairs that they put on CentOS systems
people should be aware that
everybody who generated a public/private keypair or an SSL
cert request on Debian or Ubuntu from 2006 on is vulnerable
http://it.slashdot.org/it/08/05/13/1533212.shtml
I've been following this story too after reading about it on SANS
Internet Storm Center:
http://isc.sans.org/diary.html?storyid=4414
I wonder how far reaching this is. One wonders if any of the trusted
root CAs have issued vulnerable certs as a result.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
