[auton-users] Auton Lab Notice: OpenSSL / SSH vulnerability Fixed

Michael J. Baysek mjbaysek at cs.cmu.edu
Fri May 16 15:23:07 EDT 2008


Hello Lab,


A recently discovered bug in Debian-based Linux distributions causes 
SSL/SSH keys to become somewhat predictable.  The bug has been fixed, 
and I have updated all of your desktop machines.


If you are running Ubuntu in a virtual machine, I urge you to perform 
all updates by clicking on the update manager and entering your 
password.  Alternatively, you can drop to a shell, and run "sudo 
aptitude update; sudo aptitude upgrade".  If you prefer me to service 
your virtual machine, please let me know.


A side effect of the subsequent security checks I have done was that I 
had to regenerate some of your ssh keys.  I also removed all vulnerable 
ssh keys from the .ssh/authorized_keys2 files in your home directories. 


If you notice any problems such as having to enter your password for CVS 
transactions, and you didn't have to before, please let me know and I 
will correct it for you.  For those of you whose keys I had to 
regenerate, you should be ok - I already updated your authorized_keys2.  
The only way you will still have a problem is if you have an external 
machine that you were using to access the system.  You should regenerate 
your personally owned machines' SSH keys before re-adding the public key 
to the authorized_keys2 files on our system.


If you need to regenerate the SSH key for your user account, you can run 
"ssh-keygen -t rsa" at your shell prompt.


Please let me know if I can be of any help cleaning up after this update -


Mike





-- 
--
Michael J. Baysek, Systems Analyst
Carnegie Mellon University - Auton Lab
www.cmu.edu - www.autonlab.org
412-268-8939
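
The authorized_keys2 cleanup described in the notice above, as an added example that is not part of the original message and not the procedure actually used at the lab: it fingerprints each entry and drops those whose MD5 fingerprint is in a set of known-weak fingerprints. The function names, sample entries and weak-fingerprint set are constructed for illustration; a real list of weak-key fingerprints has to come from your distribution's advisory tooling.

```python
import base64, hashlib, re, struct

# Key type and base64 blob, optionally preceded by an options field.
KEY_RE = re.compile(r"(?:^|\s)(ssh-rsa|ssh-dss)\s+([A-Za-z0-9+/]+={0,2})(?:\s+(.*))?$")

def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 fingerprint of a decoded public-key blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def split_weak_keys(text: str, weak_fingerprints: set):
    """Return (kept_lines, removed); removed holds (lineno, fingerprint, comment)."""
    kept, removed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = line.strip()
        m = None if not entry or entry.startswith("#") else KEY_RE.search(entry)
        try:
            blob = base64.b64decode(m.group(2), validate=True) if m else None
        except ValueError:          # binascii.Error: malformed base64
            blob = None
        fp = md5_fingerprint(blob) if blob else None
        if fp in weak_fingerprints:
            removed.append((lineno, fp, m.group(3) or ""))
        else:
            kept.append(line)       # comments and unparseable lines are left for a human
    return kept, removed

def sample_line(seed: bytes, comment: str, options: str = "") -> str:
    """Constructed entry: an ssh-rsa type header plus filler bytes, not a real key."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + seed * 8
    prefix = options + " " if options else ""
    return f"{prefix}ssh-rsa {base64.b64encode(blob).decode()} {comment}"

WEAK_LINE = sample_line(b"weak", "alice@desktop")
SAMPLE = "\n".join([
    "# constructed authorized_keys2 content",
    WEAK_LINE,
    sample_line(b"good", "bob@desktop"),
    sample_line(b"weak", "alice@laptop", 'from="10.0.0.5",no-pty'),
    "ssh-rsa not*base64 broken@entry",
])
# Constructed stand-in for a real list of known-weak key fingerprints.
WEAK_FPS = {md5_fingerprint(base64.b64decode(WEAK_LINE.split()[1]))}

if __name__ == "__main__":
    kept, removed = split_weak_keys(SAMPLE, WEAK_FPS)
    for lineno, fp, comment in removed:
        print(f"line {lineno}: removing {fp} ({comment})")
    print("\n".join(kept))
```

The same public key is caught on both lines where it appears, including the entry that carries an options prefix, while the malformed entry is kept for manual review rather than silently dropped.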
