PublicDate: 2008-05-13 17:20:00 UTC
Candidate: CVE-2008-0166
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166
 https://ubuntu.com/security/notices/USN-612-1
 https://ubuntu.com/security/notices/USN-612-2
 https://ubuntu.com/security/notices/USN-612-3
 https://ubuntu.com/security/notices/USN-612-4
 https://ubuntu.com/security/notices/USN-612-7
Description:
 OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating
 systems uses a random number generator that generates predictable numbers,
 which makes it easier for remote attackers to conduct brute force guessing
 attacks against cryptographic keys.
Ubuntu-Description:
Notes:
 jdstrand> openssh medium since 'only needed blacklist capability'
 jdstrand> ssl-cert high since 'only affected snakeoil certificates'
Bugs:
Priority: critical
Discovered-by:
Assigned-to: jdstrand
CVSS: 

Patches_openssl:
upstream_openssl: not-affected
dapper_openssl: not-affected
feisty_openssl: released (0.9.8c-4ubuntu0.3)
gutsy_openssl: released (0.9.8e-5ubuntu3.2)
hardy_openssl: released (0.9.8g-4ubuntu3.1)
devel_openssl: not-affected

Patches_openssh:
upstream_openssh: not-affected
Priority_openssh_dapper: medium
dapper_openssh: released (1:4.2p1-7ubuntu3.4)
feisty_openssh: released (1:4.3p2-8ubuntu1.3)
gutsy_openssh: released (1:4.6p1-5ubuntu0.3)
hardy_openssh: released (1:4.7p1-8ubuntu1.1)
devel_openssh: not-affected

Patches_openvpn:
upstream_openvpn: not-affected
dapper_openvpn: not-affected
feisty_openvpn: released (2.0.9-5ubuntu0.1)
gutsy_openvpn: released (2.0.9-8ubuntu0.1)
hardy_openvpn: released (2.1~rc7-1ubuntu3.1)
devel_openvpn: not-affected

Patches_openssl-blacklist:
upstream_openssl-blacklist: released (0.3)
dapper_openssl-blacklist: released (0.1)
feisty_openssl-blacklist: released (0.1)
gutsy_openssl-blacklist: released (0.1)
hardy_openssl-blacklist: released (0.1)
devel_openssl-blacklist: not-affected (0.3.1)

Patches_openssh-blacklist:
upstream_openssh-blacklist: released (0.3)
dapper_openssh-blacklist: released (0.1)
feisty_openssh-blacklist: released (0.1)
gutsy_openssh-blacklist: released (0.1)
hardy_openssh-blacklist: released (0.1)
devel_openssh-blacklist: not-affected (0.4.1)

Patches_openvpn-blacklist:
upstream_openvpn-blacklist: released (0.3)
dapper_openvpn-blacklist: DNE
feisty_openvpn-blacklist: released (0.1)
gutsy_openvpn-blacklist: released (0.1)
hardy_openvpn-blacklist: released (0.1)
devel_openvpn-blacklist: not-affected

Patches_ssl-cert:
Priority_ssl-cert: high
upstream_ssl-cert: not-affected
dapper_ssl-cert: not-affected
feisty_ssl-cert: released (1.0.13-0ubuntu0.7.04.1)
gutsy_ssl-cert: released (1.0.14-0ubuntu0.7.10.1)
hardy_ssl-cert: released (1.0.14-0ubuntu2.1)
devel_ssl-cert: not-affected