[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Urgent SSL security update from GeoTrust for Debian users

From: Hurf Sheldon <>
To: cslug-l <>
Subject: Urgent SSL security update from GeoTrust for Debian users
Date: Wed, 21 May 2008 10:09:18 -0400

Forward from net-admin-l
h

----------


**********************************************************************************************

Linux Operating System Security Flaws May Have Compromised Your Certificates.Replace Them Now at No Charge.

**********************************************************************************************

Dear Andrea,

We are writing to inform you of a recent exposed security flaw with certain versions ofLinux so you may take immediate action and protect your site and your customersagainst any vulnerability. If you are not using Debian or one of its derivatives there isnothing you need to do.


WHO IS IMPACTED AND WHY?

For customers who used a Debian OS (or its derivatives) to generate a key pair used torequest a certificate, that key pair (and the corresponding certificate) is vulnerable. Thisis due to a flaw in the Debian-specific random number generation that results inrelatively predictable key pair values, making them highly exploitable.


GeoTrust's trusted root and intermediate roots were not impacted by this incident.

WHAT CAN YOU DO?

If you are running Debian operating systems and derivatives (such as Ubuntu) releasedbetween September 17, 2006 and May 12, 2008 you should deploy a recently replacedDebian patch and revoke and replace all SSL and code signing certificates for whichkeys were created on these operating systems. Debian has released a testing tool toconfirm whether your certificates are affected. This tool and other useful information canbe found here:

http://lists.debian.org/debian-security-announce/2008/msg00152.html

GeoTrust offers free reissuance for its certificates. To revoke or reissue your certificate,please go to:

http://www.geotrust.com/resources/cert_reissuance/index.asp

FOR MORE INFORMATION.
For additional information, please visit our support site at:
http://www.geotrust.com/support/index.asp

Sincerely,


Chris Babel
Senior Vice President, SSL
GeoTrust
_______________________________________________________________________________________________________

This message was sent by GeoTrust using Responsys http://www.responsys.com/rsvp.aspTo opt-out of future, non-service related and/or promotional e-mails, please visit us at:https://www.geotrust.com/compref and update your communication preferences and user profile.

GeoTrust, Inc.
Attention: Subscriber Services
487 E. Middlefield Road
Mountain View, CA 94043

View our permission marketing policy: https://www.geotrust.com/resources/legal/privacy.asp

Prev by Date: [Fwd: LinuxQuestions.org - Community Bulletin]
Next by Date: Ubuntu 8.04
Previous by thread: [Fwd: LinuxQuestions.org - Community Bulletin]
Next by thread: Ubuntu 8.04
Index(es):
- Date
- Thread