Security Advisory

Debian has released a security advisory (DSA-1571-1) describing a vulnerability in the the random number generator used by the OpenSSL package included with the Debian GNU/Linux, Ubuntu, and other Debain-based operating systems. This vulnerability causes the generated numbers to be predictible. This is not a vulnerability in VanDyke applications and there is no need to update VanDyke applications to address this issue. However, it is recommended that you upgrade your Debian- and Ubuntu-based systems and then regenerate cryptographic key material as described in the advisory.

Posted: July 7, 2008

Description

Debian has released a security advisory (DSA-1571-1) describing a vulnerability in the the random number generator used by the OpenSSL package included with the Debian GNU/Linux, Ubuntu, and other Debain-based operating systems. This vulnerability causes the generated numbers to be predictible, which could result in cryptographic key material being guessable.

This vulnerability is present in OpenSSL versions starting with 0.9.8c-1 on the Debian GNU/Linux operating systems and its derivatives. These problems have been fixed in versions 0.9.8c-4etch3 (stable) and 0.9.8g-9 (unstable).

Note, this is not a vulnerability in VanDyke applications and there is no need to update VanDyke applications to address this issue. However, it is recommended that you upgrade your Debian- and Ubuntu-based systems and then regenerate cryptographic key material as described in the advisory.

Please refer to the following Debian Security Advisory for more information on the vulnerability and update procedures.

https://www.debian.org/security/2008/dsa-1571