Security update for openssl and openssh packages

May 17, 2008 – 6:31 am

A security flaw was found in openssl and openssh packages for debian-based operating systems, which includes the Xandros OS installed on your eee pc by default.

OpenSSL is an open source implementation of the SSL/TLS protocols - protocols used for sending encrypted informations over a network, so your communications cannot be eavedropped.

OpenSSH on the other end implements a secure encrypted communication with an SSH server, with an additional strong authentication mechanism. It is often prefered over FTP (which is completely unsecure).

The flaw was discovered in the mechanism for generating keys; keys are weak and subject to a bruteforce attack.

To fix the problem, open the terminal (ctrl+alt+t) and type in the following commands:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

You should see the upgrade performed.

I strongly advise to perform the upgrade even if you don’t have the need to set up a remote server: if you use gmail or gtalk for instance, the openssl package is being utilized.

More ressource.


You must be logged in to post a comment.

www.eeextra.com - our work, text and pictures are licensed under Creative commons licence.Wordpress | Theme