Debian openssl random number generator critical security flaw

Discussion in 'Smalltalk' started by Leszek, May 13, 2008.

  1. Leszek

    Leszek Member

    Today I've heard about a critical security flaw in openssl in Debian and other Debian-based distributions. From http://lists.debian.org/debian-security-announce/2008/msg00152.html :

    "Luciano Bello discovered that the random number generator in Debian's
    openssl package is predictable. This is caused by an incorrect
    Debian-specific change to the openssl package (CVE-2008-0166). As a
    result, cryptographic key material may be guessable.
    [...]"
    Everyone should patch openssl as fast as possible.
     
    Last edited: May 13, 2008
  2. PlanBForOpenOffice

    PlanBForOpenOffice New Member

    This is not enough

    Leszek,
    I believe upgrading the package is not enough. Everybody needs to check his/her own keys that might have been generated with Debian OpenSSL and regenerate them.

    Does anybody know where to find a checklist of all the places to look?

    K<o>
     
  3. Leszek

    Leszek Member

    I agree.
    As fast as possible after the update.
     
  4. falko

    falko Super Moderator Howtoforge Staff
