Bering uClibc
Home
Changelog
Packages 2.x
Packages 3.x
Documentation
Buildtool
Versions
Download
The Bering-uClibc Team

Search Announcements




External Links
modules.lrp generator
Q-Box - QoS Appliance
uClibc
BusyBox
dnsmasq
dropbear
shorewall

Announcements

Impact of the Debian OpenSSL vulnerability

  • Posted by: kapeka on 2008-05-17 09:44+0000
  • Updated by: kapeka on 2008-05-17 09:49+0000
Software packages (namely openssl, sshd, dropbear and openvpn) build for LEAF Bering-uClibc are not affected by the recently found Debian OpenSSL vulnerability. So keys generated on a LEAF Bering-uClibc router are secure. Anyway, a Bering-uClibc router can be compromised, if you use keys build on one of the insecure systems (Debian, Ubuntu, etc), e.g. to login via ssh and authorized keys. So please doublecheck your router(s) and replace any vulnerable keys and certificates.
See: http://www.debian.org/security/2008/dsa-1571 - the original security advice http://lwn.net/Articles/282744/ - explaining (for CentOS) how a system can be affected by keys, even if the systems ssl key generation itself behaves well.

Hosted on Get LEAF Linux Embedded Appliance Framework at SourceForge.net. Fast, secure and Free Open Source software downloads, and powered by phpWebSite.