OpenSSL flaw in Debian Linux discovered - bit-tech.net Forums

CardJoe · 14th May 2008, 12:11

http://www.bit-tech.net/news/2008/05...x-discovered/1

The team behind the Debian Linux project have discovered a flaw in their implementation of the OpenSSL cryptography package that has been in place since 2006.

Tomm · 14th May 2008, 12:18

You mean Linux isn't a perfect OS sent from God?

samkiller42 · 14th May 2008, 12:23

Quote:

Originally Posted by Tomm

You mean Linux isn't a perfect OS sent from God?

hahaha. My dreams have come true, the day something wrong comes to linux, no matter how small it was.... Sorry, all childish now.

At least in the light of this, its been sorted out relativley quickly, which is a good sign for any OS.

Sam

steveo_mcg · 14th May 2008, 12:25

Seen this yesterday, meant to redo my keys last night (forgot) if any one is bored my system is wide open...

Kode · 14th May 2008, 12:26

johnny come latelys? Debian has been running longer than redhat, redhat was initially released in 95, debian in 93, also the good thing about open source is these problems get picked up and fixed, rather than microsofts approach that seems to be pretend they arent there

Tomm · 14th May 2008, 12:27

Clearly it's not perfect, nothing in this world is. It's therefore not a surprise that there's a small bug in one small part of Linux. It was, after all, created by humans. My point was the opposite really - we shouldn't be surprised by this news and I'm certainly not pointing and laughing.

Maybe I was too sarcastic (is there such a thing as too sarcastic?).

Gareth Halfacree · 14th May 2008, 12:46

Quote:

Originally Posted by Kode

johnny come latelys? Debian has been running longer than redhat, redhat was initially released in 95, debian in 93,

I sit corrected. Article updated.

sotu1 · 14th May 2008, 13:06

you know in the simpsons when that bully dude goes 'haaha'. that's what i think! however, having said that, well done linux teams for getting onto it quickly. that is commendable

proxess · 14th May 2008, 13:46

for 1 bug in linux article on bit-tech we have 500 windows bugs articles

C-Sniper · 14th May 2008, 13:58

Nothing is perfect but atleast linux is more perfect than windows.

btw, slackware strawberry Cheesecake

DXR_13KE · 14th May 2008, 14:10

at least it is patched faster than in windows.....

Glider · 14th May 2008, 15:32

And the flaw isn't that big... Just a random number that could be predictable... And I could win the lottery...

This bug is also already fixed, so it' a non-issue. I don't have the time to redo my keys right now, so al hackers, go ahead

pendragon · 14th May 2008, 18:23

as much as I dislike the typical "smug linux user", no reason for me to point and laugh.. Linux has its own problems and quirks just like any OS out there... no big deal.. The good thing from this story is that they plugged the hole.. Kind of stinks that it's Debian..as Ubuntu is hugely popular.

Glider · 14th May 2008, 18:50

Well, it doesn't stink at all... If you read the various Linux mailing lists, you will see security notices popping up often. But the good thing about this is that those flaws are usually fixed within days.

IanW · 14th May 2008, 20:02

Exactly. This bug was squished almost immediately.
If it was a Windows bug, it wouldn't have been patched until the first Tuesday of NEXT month at the earliest!

WhiskeyAlpha · 15th May 2008, 01:14

Being the stinking linux noob that I am, what do I need to do to "rebuild my keys"?

I just updated my ubuntu fileserver (ala Glider's superb server guide) to 8.04LTS and it fired up a warning message telling me about the security hole. Not sure if it sorts it automatically or whether I need to flex my typing skills on the command line

cebla · 15th May 2008, 01:47

If the article is correct then this bug was introduced in 2006. That means its been there for two years. I am not sure why some of you think this was fixed so much more quickly than bugs in Windows.

Glider · 15th May 2008, 04:55

Quote:

Originally Posted by WhiskeyAlpha

Being the stinking linux noob that I am, what do I need to do to "rebuild my keys"?

I just updated my ubuntu fileserver (ala Glider's superb server guide) to 8.04LTS and it fired up a warning message telling me about the security hole. Not sure if it sorts it automatically or whether I need to flex my typing skills on the command line

If you are using a key based authentication (like in passwordless SSH) then you need to update the keys generated by a Debian machine manually.

steveo_mcg · 15th May 2008, 09:03

Quote:

Originally Posted by cebla

If the article is correct then this bug was introduced in 2006. That means its been there for two years. I am not sure why some of you think this was fixed so much more quickly than bugs in Windows.

Because as soon as it was caught it was fixed, wouldn't be the first time a large whole has been found in windows after a few years and it still takes at least a month for the fix.

pendragon · 15th May 2008, 18:23

Quote:

Originally Posted by Glider

Well, it doesn't stink at all... If you read the various Linux mailing lists, you will see security notices popping up often. But the good thing about this is that those flaws are usually fixed within days.

uh... perhaps I missed your point.. but my point was that, as Ubuntu is massively popular (especially with newbies like myself), you'll get a larger amount of people with this flaw unpatched in their system (as opposed to say people that run a distro that isn't as popular).. which is too bad.

14th May 2008, 12:11	#1
CardJoe Player Character bit-tech Staff Join Date: Apr 2007 Posts: 7,975	OpenSSL flaw in Debian Linux discovered http://www.bit-tech.net/news/2008/05...x-discovered/1 The team behind the Debian Linux project have discovered a flaw in their implementation of the OpenSSL cryptography package that has been in place since 2006. __________________ this is joe's non-bit-tech blog

14th May 2008, 12:18	#2
Tomm I also ride trials :¬) Join Date: Apr 2004 Location: Fallowfield, Manchester Posts: 2,233	You mean Linux isn't a perfect OS sent from God? __________________ Carrot cake cheesecake Shuttle SN85G4V2 \| A64 3200+ / Apple PowerBook 12

14th May 2008, 12:25	#4
steveo_mcg What owl? Join Date: May 2005 Location: Edinburgh Posts: 3,983	Seen this yesterday, meant to redo my keys last night (forgot) if any one is bored my system is wide open... __________________ No boom today, boom tomorrow... there's always a boom tomorrow.

14th May 2008, 12:27	#6
Tomm I also ride trials :¬) Join Date: Apr 2004 Location: Fallowfield, Manchester Posts: 2,233	Clearly it's not perfect, nothing in this world is. It's therefore not a surprise that there's a small bug in one small part of Linux. It was, after all, created by humans. My point was the opposite really - we shouldn't be surprised by this news and I'm certainly not pointing and laughing. Maybe I was too sarcastic (is there such a thing as too sarcastic?). __________________ Carrot cake cheesecake Shuttle SN85G4V2 \| A64 3200+ / Apple PowerBook 12

14th May 2008, 13:06	#8
sotu1 Mini Love Join Date: Aug 2007 Location: England, South of. Posts: 1,169	you know in the simpsons when that bully dude goes 'haaha'. that's what i think! however, having said that, well done linux teams for getting onto it quickly. that is commendable __________________ Death to consolification !!! [size=1]Give me my Windforce! I'm coming back!

14th May 2008, 12:26	#5
Kode Multimodder Join Date: Jan 2008 Location: Birmingham, UK Posts: 234	johnny come latelys? Debian has been running longer than redhat, redhat was initially released in 95, debian in 93, also the good thing about open source is these problems get picked up and fixed, rather than microsofts approach that seems to be pretend they arent there

14th May 2008, 13:46	#9
proxess Victim of AdvancedModernCapitalism Join Date: Nov 2006 Location: The town of Love, Funchal Posts: 600	for 1 bug in linux article on bit-tech we have 500 windows bugs articles __________________ Netbook: Asus eeePC 901; 12Gb SDD; Custom Ubuntu 9.04 Minimal Compiz Standalone. Laptop: Intel Centrino Duo T5500 1.66ghz; 2048mb RAM; ATI Mobility Radeon x2300; Hitachi 120gb iPod Classic 120GB; Maxtor 160GB External; Ubuntu 9.10 x64 and Windows 7 x64.

14th May 2008, 14:10	#11
DXR_13KE Madeira's banana is the best!!! Join Date: Sep 2005 Location: Madeira ; Portugal Posts: 6,473	at least it is patched faster than in windows..... __________________ *Renegade X - 0.40 Release!* <---- CLICK!

14th May 2008, 15:32	#12
Glider /dev/null Join Date: Aug 2005 Location: Belgium Posts: 4,102	And the flaw isn't that big... Just a random number that could be predictable... And I could win the lottery... This bug is also already fixed, so it' a non-issue. I don't have the time to redo my keys right now, so al hackers, go ahead __________________ There Are 10 Types Of People, Those Who Know Binary and Those Who Don't

14th May 2008, 18:23	#13
pendragon I pickle they Join Date: May 2004 Location: Massachusetts,usa Posts: 631	as much as I dislike the typical "smug linux user", no reason for me to point and laugh.. Linux has its own problems and quirks just like any OS out there... no big deal.. The good thing from this story is that they plugged the hole.. Kind of stinks that it's Debian..as Ubuntu is hugely popular. __________________ -----BEGIN GEEK CODE BLOCK----- GCS d-@ s-:>: a- C++$ UL---@ P++>+++++$ L+ E----@ W+++ N o? K? w++>+++++ O---@ M-- V? PS--() PE+@ Y? PGP-@ t+(+++) 5(+)@ X@ R+(++) tv@ b++ DI@ D++ G e++>+++++ h! r(%) y? ------END GEEK CODE BLOCK------

14th May 2008, 18:50	#14
Glider /dev/null Join Date: Aug 2005 Location: Belgium Posts: 4,102	Well, it doesn't stink at all... If you read the various Linux mailing lists, you will see security notices popping up often. But the good thing about this is that those flaws are usually fixed within days. __________________ There Are 10 Types Of People, Those Who Know Binary and Those Who Don't

14th May 2008, 20:02	#15
IanW I am a Dremel Join Date: Aug 2003 Location: N.Wales Posts: 1,607	Exactly. This bug was squished almost immediately. If it was a Windows bug, it wouldn't have been patched until the first Tuesday of NEXT month at the earliest! __________________ Q6600@3GHz / AC Freezer 7 Pro / Gigabyte EP35-DS3R / 8GB OCZ Platinum PC6400 / EVGA GTX260 SSC / LG DVDR / 9TB HDD / OCZ Modstream 780W / CoolerMaster 590 case / Dell E248WFP / Saitek Eclipse II / Logitech G9 / Ubuntu 9.10-64

15th May 2008, 01:14	#16
WhiskeyAlpha Hypermodder Join Date: May 2006 Location: East London Posts: 831	Being the stinking linux noob that I am, what do I need to do to "rebuild my keys"? I just updated my ubuntu fileserver (ala Glider's superb server guide) to 8.04LTS and it fired up a warning message telling me about the security hole. Not sure if it sorts it automatically or whether I need to flex my typing skills on the command line __________________ Intel Q6600 @ 3.6Ghz \| ASUS P5K Premium \| 4GB G.Skill DDR2 PC2-8000 \| Nvidia 8800GTX @ 702/1728/2214Mhz \| 750GB HDD Storage \| Corsair HX 620W \| Dell 2007WFP \| Tannoy Reveal Active 5A \| Beresford MK6 DAC Customised Mountain Mods U2-UFO \| ThermoChill PA120.3 & PA120.2 \| D-Tek FuZion \| EK-FC8800 GTX \| Alphacool Repack Bay Res x2 \| Laing DDC x2 \| 1/2" Tygon \| Feser One Coolant

15th May 2008, 01:47	#17
cebla Multimodder Join Date: Sep 2004 Location: Canberra, Australia Posts: 107	If the article is correct then this bug was introduced in 2006. That means its been there for two years. I am not sure why some of you think this was fixed so much more quickly than bugs in Windows.