On Tue, 13 May 2008 11:14:59 -0500 Sean Malloy <[EMAIL PROTECTED]> wrote:
> On Tue, May 13, 2008 at 11:37:38AM -0400, Juan Miscaro wrote: > > I guess everyone by now has heard about the very serious libssl > > vulnerability on Debian/Ubuntu? > > > > Just making sure that the source is safe, thanks. > > > > /juan > > Here is a quote from the official Debian Security announcement, > DSA-1571 http://www.debian.org/security/2008/dsa-1571. > > "This is a Debian-specific vulnerability which does not affect other > operating systems which are not based on Debian. However, other > systems can be indirectly affected if weak keys are imported into > them." > Just wondering... If someone generates ssh keys with flags J or Z set in malloc.conf(5), aren't these keys useless too (since feeding predictable data is more or less equal to not feeding data at all) ?
