AboutWelcome to Free Software Daily (FSD). FSD is a hub for news and articles by and for the free and open source community. FSD is a community driven site where members of the community submit and vote for the stories that they think are important and interesting to them. Click the "About" link to read more...
A recent vulnerability was found in the OpenSSL package as provided by Debian and Debian-based Linux distributions, such as Ubuntu, that broke the effectiveness of the OpenSSL PRNG (Predictable Random Number Generator). This vulnerability caused OpenSSL to generate weak keys for anything relying on OpenSSL, including SSL certificates, OpenSSH keys, and OpenVPN keys.
The OpenSSL project team is pleased to announce the release of version 1.0.0 of our open source toolkit for SSL/TLS. This new OpenSSL version is a major release and incorporates many new features as well as major fixes compared to 0.9.8n.
"Today, the SeaMonkey project released a new version of its all-in-one internet suite. SeaMonkey 1.1.9 closes several security vulnerabilities and fixes several smaller problems found in previous versions. With that, SeaMonkey stays at the same level of security as its sibling Firefox, which is issuing updates for the same problems this week as well..."
OpenSSL is an open source implementation of the SSL and TLS protocols. The core library (written in the C programming language) implements the basic cryptographic functions and provides various utility functions.
A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN
When the Open Source Software Institute (OSSI) sought Federal Information Processing Standards (FIPS) 140-2 validation for its OpenSSL toolkit last year, it was anything but smooth sailing...but, according to Executive Director John Weathersby, things are bound to go much more smoothly this time around.
Netcraft's June SSL Survey has found that a significant number of SSL certificates are affected by the Debian OpenSSL vulnerability, including Extended Validation SSL certificates and certificates belonging to banks.
"Today I finally decided to work out this element of our task list. We are happy that now MyServer can be distributed under the GPLv3 terms license without any exception. Previously we were using OpenSSL for the HTTPS protocol, it was giving us some licensing troubles as we needed to add an exception to the original GPLv3 license..."
