真不敢相信debian 這麼嚴謹的distro 會出這種錯誤
而且擺了一兩年
Serious Debian/Ubuntu openssl/openssh bug found
ubuntu 系出debian 當然也受影響(libssl-0.9.8)
受影響版本:
- Ubuntu 7.04 (Feisty)
- Ubuntu 7.10 (Gutsy)
- Ubuntu 8.04 LTS (Hardy)
- Ubuntu “Intrepid Ibex” (development): libssl <= 0.9.8g-8
- Debian 4.0 (etch) (see corresponding Debian security advisory)
參考這篇文章:
OpenSSL & OpenSSH Vulnerabilities : Confirm & Fix Instructions
1. 下載dowkd.pl.gz
# wget http://security.debian.org/project/extra/dowkd/dowkd.pl.gz# gunzip dowkd.pl.gz# chmod u+x ./dowkd.pl
2. 檢查是否有weak key
#./dowkd.pl user
summary: keys found: 0, weak keys: 0
#./dowkd.pl host
summary: keys found: 0, weak keys: 0
很好,沒有weak key
0 comments:
Post a Comment