[Pkg-cups-devel] Bug#481426: marked as done (cupsys: SSL Certs Insecure (DSA-1571))

Roger Leigh rleigh at whinlatter.ukfsn.org
Fri May 16 13:01:21 UTC 2008


On Fri, May 16, 2008 at 10:02:51AM +0900, Kenshi Muto wrote:
> At Thu, 15 May 2008 21:13:06 -0300,
> Henrique de Moraes Holschuh wrote:
> > On Thu, 15 May 2008, Debian Bug Tracking System wrote:
> > > Debian's CUPS has used GNUTLS instead of OpenSSL by default.
> > 
> > That doesn't make any difference if the certificate it is using was
> > generated by openssl.   Is that certificate under the local admin
> > control?   If it is, cupsys can also be affected.
> 
> Yes, admins can replace the key by themselves on their own responsibility
> (but I haven't tried it).
> 
> Because the SSLkeys Wiki page focuses on the weak keys made by Debian official
> packages at this time, I don't think it is valuable to describe CUPS
> there.

Doesn't CUPS automatically generate SSL keys?  If so, the existing keys
will be insecure.  Surely this will require action to regenerate the
keys, so is it not part of the SSL vulnerability?


Thanks,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.




