On the Recent Debian OpenSSL Debacle

I can think of only two words that best describe the whole deal: Epic fail.

It’s been quite a spectacle ever since I saw the vulnerability report on the NVD RSS feed. Even though the bug itself has been patched, system administrators are now left with the task of cleaning up the mess. It would have been OK if it only affected Debian and Debian-based systems, but it turns out the damage is far reaching. Even if you don’t run Debian, if your SSL certificate was generated by a CA that produced it on a Debian system, that certificate will have to be revoked and replaced! See here.

Amazing what a couple of lines of code can do.
