You are not logged in.
- Topics: Active | Unanswered
#1 2008-08-30 20:07:18
- daf666
- Member
- Registered: 2007-04-08
- Posts: 470
- Website
Is Arch affected by the latest key vulnerability issue?
Is Arch affected by this?
Offline
#2 2008-08-30 21:23:57
- KimTjik
- Member
- From: Sweden
- Registered: 2007-08-22
- Posts: 715
Re: Is Arch affected by the latest key vulnerability issue?
As I understand the different reports it all goes back to the Debian patched and unfortunately flawed version of SSH implementation. I've seen other reports suggesting that those running system with keys generated in Debian before the fix, might be forced to do some awkward security measures (like backup data-bases and write zeros to hard-drives, and move the data-base back).
Hence I shouldn't affect Arch, as I understand it, unless you use some keys generated in a Debian system.
Offline
#3 2008-08-30 23:46:25
- iphitus
- Forum Fellow
- From: Melbourne, Australia
- Registered: 2004-10-09
- Posts: 4,927
Re: Is Arch affected by the latest key vulnerability issue?
We never applied the patch here so keys generated on Arch are fine. However any system which has users whose keys were generated on a debian install affected by that patch is vulnerable.
Offline