[unisog] FYI: Debian/Ubuntu SSL/SSH vulnerability, logging issues

Florian Weimer fw at deneb.enyo.de
Fri May 23 13:21:02 GMT 2008


* Andrew Daviel:

> If you have a recent Debian or Ubuntu system, running the 
> "etch" release (since September 2006), and have used it to generate an 
> SSH key used for access on any system (i.e. done "ssh-keygen" and placed a key in 
> .ssh/authorized_keys) :

You should do this even if you are in a supposedly Debian-free
environment.  It seems as if it's pretty difficult to stop people from
using Debian.  There have been quite a few surprises.

> There is a script "dowkd.pl" available from
> http://lists.debian.org/debian-security-announce/2008/msg00152.html
> This is worth running. You need go get a file from CPAN:
>   cpan> install File::Temp

Uhm, File::Temp has been part of Perl for ages.  Is there some sort of
error message if you don't do that?


More information about the unisog mailing list