Debian Security Flaw
The debian security flaw and the supposed attacks were pointed out to me earlier today. There's a blurb about it here on LJ. The US-CERT warning is here. The original debian advisory about the actual bug is here. I say "supposed attacks" cuz if the government says it, I'm skeptical, but that's another can of worms...
Instead of just rehashing what the security advisory says and what evvvverrrrybody else has already said I thought I'd see if I could actually see what the original patch was. Well that didn't really work out, I downloaded the patch referenced from the debian advisory page and took a look at it, but it's got numerous other fixes included and this specific fix was not obvious.
The last changelog entry is:
+openssl (0.9.8c-4etch3) stable-security; urgency=high + + * Re-introducing seeding of the random number generator. Patch from the + maintainer. + + -- .... <....@...> Thu, 08 May 2008 01:58:40 +0200Which based on what I understand about the problem sounds like the culprit. It's also the only entry with about the right date.
So with that I went to the debian subversion repository to see if I could look at the isolated change, without all the other changes. Well, that didn't work out too well either because it doesn't appear to me that the change was ever committed to the repository. Of course, I suspect it has or there's a good reason why it isn't there and I'm just missing something, but it would be nice if somebody could confirm that everything's ok.
Mitch Frazier is an Associate Editor for Linux Journal.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Profiles and RC Files
- Understanding Ceph and Its Place in the Market
- Astronomy for KDE
- The Giant Zero, Part 0.x
- Maru OS Brings Debian to Your Phone
- Git 2.9 Released
- OpenSwitch Finds a New Home
- What's Our Next Fight?
- Snappy Moves to New Platforms
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide