Debian OpenSSL Vulnerability

***** Moderator's Note *****

Although the attached warning is not, strictly speaking, telecom related, I'm allowing it because Debian GNU/Linux is the operating system that runs a lot of the Asterisk PBX software, and is used in a lot of other "infrastructure" machines that provide email or other essential corporate functions. The more people who know, the better.

Bill Horne, Temporary Moderator

*************************

Debian Security Advisory

DSA-1571-1 openssl -- predictable random number generator

Date Reported: 13 May 2008

Affected Packages: openssl

Vulnerable: Yes

Security database references: In Mitre's CVE dictionary: CVE-2008-0166.

More information:

Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable.

This is a Debian-specific vulnerability which does not affect other operating systems which are not based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.

It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation.

...
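The advisory's practical instruction is to inventory key material on affected hosts, replace anything generated there, and treat every DSA key as compromised regardless of where it was generated. The following script is an added example (not part of the advisory or of any Debian tool) that audits OpenSSH public-key lines the way an administrator would: it parses each key blob, records the key type and size, flags DSA keys for replacement outright, and compares each key's MD5 fingerprint against a weak-key blacklist. The blacklist format used here (one lowercase hex fingerprint per line, either the full 32 hex digits or the trailing 20, with `#` comment lines) is an assumption modelled loosely on Debian's openssl-blacklist / ssh-vulnkey files, not something stated in the advisory; the sample keys and blacklist are constructed inline and are not real keys.

```python
"""Audit OpenSSH public keys against a weak-key blacklist (added example, not a Debian tool)."""
import base64
import hashlib
import struct


def to_mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (RFC 4251): big-endian, minimal,
    with a leading 0x00 when the top bit is set so the value stays positive."""
    if n == 0:
        return b""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" + raw if raw[0] & 0x80 else raw


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed SSH string (uint32 big-endian length + bytes)."""
    return struct.pack(">I", len(data)) + data


def build_rsa_blob(e: int, n: int) -> bytes:
    """Build an ssh-rsa public key blob: string "ssh-rsa", mpint e, mpint n."""
    return ssh_string(b"ssh-rsa") + ssh_string(to_mpint(e)) + ssh_string(to_mpint(n))


def build_dsa_blob(p: int, q: int, g: int, y: int) -> bytes:
    """Build an ssh-dss public key blob: string "ssh-dss", mpint p, q, g, y."""
    return ssh_string(b"ssh-dss") + b"".join(ssh_string(to_mpint(v)) for v in (p, q, g, y))


def read_strings(blob: bytes) -> list:
    """Split a key blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        (length,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        fields.append(blob[off:off + length])
        off += length
    return fields


def parse_pubkey_line(line: str) -> tuple:
    """Parse one authorized_keys / id_*.pub line into (keytype, blob, comment)."""
    parts = line.split(None, 2)
    keytype, b64 = parts[0], parts[1]
    comment = parts[2].strip() if len(parts) > 2 else ""
    blob = base64.b64decode(b64)
    if read_strings(blob)[0].decode() != keytype:
        raise ValueError("key type inside blob does not match the line prefix")
    return keytype, blob, comment


def key_bits(keytype: str, blob: bytes) -> int:
    """Key size: bit length of the RSA modulus n or the DSA prime p."""
    fields = read_strings(blob)
    if keytype == "ssh-rsa":
        modulus = fields[2]
    elif keytype == "ssh-dss":
        modulus = fields[1]
    else:
        return 0
    return int.from_bytes(modulus, "big").bit_length()


def md5_fingerprint(blob: bytes) -> str:
    """Hex MD5 fingerprint of the raw key blob (the classic OpenSSH fingerprint form)."""
    return hashlib.md5(blob).hexdigest()


def load_blacklist(text: str) -> set:
    """Assumed format: one lowercase hex fingerprint per line, '#' lines are comments."""
    return {ln.strip().lower() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}


def is_blacklisted(fingerprint: str, blacklist: set) -> bool:
    """Match on the full fingerprint or on its trailing 20 hex digits (assumed list style)."""
    return fingerprint in blacklist or fingerprint[-20:] in blacklist


def audit(lines: list, blacklist: set) -> list:
    """Return one verdict per key line, applying the advisory's guidance."""
    results = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        keytype, blob, comment = parse_pubkey_line(line)
        fp = md5_fingerprint(blob)
        if is_blacklisted(fp, blacklist):
            verdict = "WEAK: fingerprint is blacklisted, replace this key"
        elif keytype == "ssh-dss":
            verdict = "REPLACE: DSA key (advisory: DSA keys used on affected hosts are compromised)"
        else:
            verdict = "not blacklisted"
        results.append({"comment": comment, "keytype": keytype,
                        "bits": key_bits(keytype, blob), "fingerprint": fp, "verdict": verdict})
    return results


# Constructed sample keys (syntactically valid blobs, NOT real key pairs).
WEAK_BLOB = build_rsa_blob(65537, (1 << 1023) | 0x10001)           # 1024-bit "weak" RSA
DSA_BLOB = build_dsa_blob((1 << 1023) | 1, (1 << 159) | 1, 2, 3)    # 1024-bit DSA
OK_BLOB = build_rsa_blob(65537, (1 << 2047) | 0x12345)             # 2048-bit RSA, not listed
SAMPLE_LINES = [
    "ssh-rsa " + base64.b64encode(WEAK_BLOB).decode() + " alice@buildhost",
    "ssh-dss " + base64.b64encode(DSA_BLOB).decode() + " bob@pbx",
    "ssh-rsa " + base64.b64encode(OK_BLOB).decode() + " carol@laptop",
]
# Constructed blacklist containing the trailing 20 hex digits of the "weak" key's fingerprint.
BLACKLIST_TEXT = "# constructed weak-key blacklist\n" + md5_fingerprint(WEAK_BLOB)[-20:] + "\n"

if __name__ == "__main__":
    for r in audit(SAMPLE_LINES, load_blacklist(BLACKLIST_TEXT)):
        print(f"{r['comment']:<18} {r['keytype']:<8} {r['bits']:>5} {r['fingerprint']}  {r['verdict']}")
```

A blacklist lookup only catches keys generated with the default parameters that the list was built for; a key that is absent from the list is not thereby shown to be safe, which is why the advisory asks for all key material generated on affected systems to be recreated, and why the script refuses to clear any DSA key even when its fingerprint is not listed.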

Monty Solomon