Apparently, Heimdal in Debian also is affected. I am not aware of any
solution other then to manually regenerate all keys.
Brian May
--- Begin Message ---
I strongly advise all readers of this list that use Debian or might have
users in your realm (or any realms for which cross-realm key exchange as
been performed) to read:
http://lists.debian.org/debian-security-announce/2008/msg00152.html
This vulnerability will effect any Heimdal distribution built using any
Debian package of OpenSSL version 0.9.8c-1 or higher.
All long term keys that were generated with this version of OpenSSL
and are not derived from a password MUST be changed.
Any short term keys that are generated from a vulnerable KDC should be
considered suspect.
Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
--- End Message ---
