CVE-2008-0166

Published: 13 May 2008

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Notes

Author	Note
jdstrand	openssh medium since 'only needed blacklist capability' ssl-cert high since 'only affected snakeoil certificates'

Priority

Status

Package	Release	Status
openssh Launchpad, Ubuntu, Debian	dapper	Released (1:4.2p1-7ubuntu3.4)
	feisty	Released (1:4.3p2-8ubuntu1.3)
	gutsy	Released (1:4.6p1-5ubuntu0.3)
	hardy	Released (1:4.7p1-8ubuntu1.1)
	upstream	Not vulnerable
openssh-blacklist Launchpad, Ubuntu, Debian	dapper	Released (0.1)
	feisty	Released (0.1)
	gutsy	Released (0.1)
	hardy	Released (0.1)
	upstream	Released (0.3)
openssl Launchpad, Ubuntu, Debian	dapper	Not vulnerable
	feisty	Released (0.9.8c-4ubuntu0.3)
	gutsy	Released (0.9.8e-5ubuntu3.2)
	hardy	Released (0.9.8g-4ubuntu3.1)
	upstream	Not vulnerable
openssl-blacklist Launchpad, Ubuntu, Debian	dapper	Released (0.1)
	feisty	Released (0.1)
	gutsy	Released (0.1)
	hardy	Released (0.1)
	upstream	Released (0.3)
openvpn Launchpad, Ubuntu, Debian	dapper	Not vulnerable
	feisty	Released (2.0.9-5ubuntu0.1)
	gutsy	Released (2.0.9-8ubuntu0.1)
	hardy	Released (2.1~rc7-1ubuntu3.1)
	upstream	Not vulnerable
openvpn-blacklist Launchpad, Ubuntu, Debian	dapper	Does not exist
	feisty	Released (0.1)
	gutsy	Released (0.1)
	hardy	Released (0.1)
	upstream	Released (0.3)
ssl-cert Launchpad, Ubuntu, Debian	dapper	Not vulnerable
	feisty	Released (1.0.13-0ubuntu0.7.04.1)
	gutsy	Released (1.0.14-0ubuntu0.7.10.1)
	hardy	Released (1.0.14-0ubuntu2.1)
	upstream	Not vulnerable

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›