On Tue, 2008-05-13 at 21:12 -0700, Richard Doyle wrote: > There is a potentially serious vulnerability in OpenSSL which affects > Edubuntu and other Debian-based distributions: > http://www.ubuntu.com/usn/usn-612-1 > > > Fixes are described in http://wiki.debian.org/SSLkeys . Since SSH is a > vital part of Edubuntu, and is affected by the vulnerability, every > affected system should be fixed ASAP. As I understand it, the fix for > version version 7.04 is to run the following commands: > > sudo rm /etc/ssh/ssh_host_* > sudo dpkg-reconfigure openssh-server > sudo ltsp-update-sshkeys > > This sounds like a serious vulnerability, particularly if you allow ssh > access into the thin-client network from outside. Corrections are > welcome! > > There are related vulnerabilities that may affect some Edubuntu users > (OpenVPN is vulnerable).
A follow-up... This fix worked for our lab, but as noted, we're still using 7.04. -- edubuntu-users mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
