Findings on The Debian OpenSSL Bug

Well-known security researcher H. D. Moore, has published detailed findings on the recently discovered OpenSSL vulnerability of Debian / Debian-based systems.

Ubuntu / Kubuntu / Edubuntu / Xubuntu users, please ensure that you have updated or installed all of the packages in the following security advisories:

• [USN-612-1] OpenSSL vulnerability
• [USN-612-2] OpenSSH vulnerability
• [USN-612-3] OpenVPN vulnerability
• [USN-612-4] ssl-cert vulnerability
• [USN-612-5] OpenSSH update
• [USN-612-6] OpenVPN regression

Take special note that all OpenSSH keys and X.509 (SSL) certificates previously generated on vulnerable systems are untrustworthy, regardless of the system on which they are used.

Related: Debian Ubuntu Kubuntu Security issue SSL/SSH keys