Practical Technology

for practical people.

Fixing Debian OpenSSL

Debian, the popular Linux distribution, has just been shown to have made an all-time stupid security goof-up. They managed to change OpenSSL in their distribution so that it had no security to speak of. Good job guys!

OpenSSL makes it possible to use SSL (Secure Socket Layer) and TLS (Transport Layer Security) in Linux, Unix, Windows and many other operating systems. It also incorporates a general purpose cryptography library. OpenSSL is used not only in operating systems, but in numerous vital applications such as security for Apache Web servers and security appliances from companies like Check Point and Cisco. Yeah, in other words, if you do anything requiring network security on Linux, chances are good, OpenSSL is being called in to help

Now, OpenSSL itself is still fine. What’s anything but fine is any Linux, or Linux-powered device, that’s based on Debian Linux libssl 0.9.8c-1 code, which was released September 17th 2006 until version libssl 0.9.8, which was released on May 13th. That includes the most popular Linux of all: Ubuntu.

More >

Comments are closed.