Welcome to Global Trust 256 bit SSL Security Site.

Are GlobalTrust or its customers affected by the OpenSSL vulnerability in Debian of May 13, 2008?


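Who should take note: network administrators or technical staff responsible for generating CSRs or installing SSL certificates.

On May 13, 2008, Debian project member Luciano Bello discovered a vulnerability in the OpenSSL package they distribute. Details can be found here: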

http://www.debian.org/security/2008/dsa-1571

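Please note that this vulnerability does not affect our CA or our PKI infrastructure in any way. It affects the keys generated on the affected systems.

If your CSR meets the following conditions
# Generated since 2006-09-17
# Generated with Etch, Lenny or Sid (Sarge is not vulnerable)
# Generated using 'openssl', 'ssh-keygen', or 'openvpn --keygen' (GnuPG and GNUTLS are not affected)


you must
# Generate a new CSR and key pair
# Apply to GlobalTrust for a new replacement certificate (you must use the new CSR; this service is free)
# Download and install your new certificate.
# Revoke your old certificate.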


A complete list of Debian-based Linux distributions can be found here:
http://en.wikipedia.org/wiki/List_of_Linux_distributions#Debian-based


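To find out which version of Debian you are running, you can use one of the following commands:
$ lsb_release -d -s -c

or

$ cat /etc/lsb-release

To find out your OpenSSL version, use the following command: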

$ openssl version -v -d -p

A tool for detecting known weak keys can be downloaded here:
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz

Detailed information on upgrading software is available here:
http://wiki.debian.org/SSLkeys

Please note: GlobalTrust is not affected in any direct way by this Debian issue.


============================================================================================================ English version below

Am I or is GlobalTrust affected by the OpenSSL vulnerability in Debian reported May 13, 2008?


Intended Audience: Web hosts, web server administrators, technical personnel responsible for generating CSRs and installing SSL certificates on web servers.

On May 13th, 2008 the Debian project announced that Luciano Bello found an interesting vulnerability in the OpenSSL package they were distributing. Details can be found here:

http://www.debian.org/security/2008/dsa-1571

Please note that this vulnerability does not affect GlobalTrust or our PKI infrastructure in any way. The vulnerability affects the way PRIVATE keys are generated, a process which occurs on your systems.

If your CSR was

# Generated since 2006-09-17
# Generated with Etch, Lenny or Sid (Sarge is not vulnerable)
# Generated using 'openssl', 'ssh-keygen', or 'openvpn --keygen' (GnuPG and GNUTLS are not affected)

you must

# Generate a new CSR and key pair
# Replace your certificate (GlobalTrust provides a free replacement service.)
# Download and install your new certificate.
# Revoke your replaced certificate.
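
The first step of the list above, as an added example (not GlobalTrust's or Debian's code): generate the replacement key pair and CSR, then confirm that the CSR carries the new key rather than the key of the certificate being replaced. The file names, the subject string and the RSA-2048 choice are assumptions, and the OpenSSL package is assumed to have been upgraded already.

```shell
#!/bin/sh
# Added example, not GlobalTrust's or Debian's code. File names and the subject
# string are hypothetical. Run it only after the OpenSSL package has been
# upgraded, otherwise the replacement key is as weak as the old one.

# Print the SHA-256 digest of the DER public key held in a PEM file.
# $1 = kind (key|csr|cert), $2 = file
pubkey_digest() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Step 1 of the list: create a fresh 2048-bit RSA key pair and a CSR for it.
# $1 = subject, $2 = private key output, $3 = CSR output
new_key_and_csr() {
    ( umask 077   # private key readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes -sha256 \
          -subj "$1" -keyout "$2" -out "$3" 2>/dev/null )
}

# Succeed only if the CSR carries the new key and not the old certificate's key.
# $1 = certificate being replaced, $2 = new private key, $3 = new CSR
csr_is_rekeyed() {
    old=$(pubkey_digest cert "$1") || return 2
    new=$(pubkey_digest key "$2") || return 2
    req=$(pubkey_digest csr "$3") || return 2
    [ "$req" = "$new" ] || { echo "CSR does not match the new key" >&2; return 1; }
    [ "$req" != "$old" ] || { echo "CSR reuses the old key pair" >&2; return 1; }
    echo "OK: submit $3 (public key sha256 $req)"
}

# Usage: sh rekey_check.sh old.crt new.key new.csr
if [ "$#" -eq 3 ]; then csr_is_rekeyed "$@"; fi
```

A CSR created with `openssl req -new -key` against the existing key file fails the second comparison, which is the case the replacement procedure is meant to rule out.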

A complete list of Debian-based distributions can be found here:

http://en.wikipedia.org/wiki/List_of_Linux_distributions#Debian-based

To see what version of a Debian-based distribution you are running, you can use one of the following commands:

$ lsb_release -d -s -c

or

$ cat /etc/lsb-release

To see what version of OpenSSL is installed, use the command:

$ openssl version -v -d -p

A detector for known weak key material has been published here:

http://security.debian.org/project/extra/dowkd/dowkd.pl.gz

There is a wiki with detailed information on upgrading software here:

http://wiki.debian.org/SSLkeys

Please Note: GlobalTrust is not affiliated in any direct way with the Debian Project.


