Summary
Ubuntu Update for Linux kernel vulnerabilities USN-612-3
Solution
Please install the updated packages.
Insight
Once the update is applied, weak shared encryption keys and SSL/TLS certificates will be rejected where possible (though they cannot be detected in all cases). If you are using such keys or certificates, OpenVPN will not start and the keys or certificates will need to be regenerated.
The safest course of action is to regenerate all OpenVPN certificates and key files, except where it can be established to a high degree of certainty that the certificate or shared key was generated on an unaffected system.
Once the update is applied, you can check for weak OpenVPN shared secret keys with the openvpn-vulnkey command.
$ openvpn-vulnkey /path/to/key
OpenVPN shared keys can be regenerated using the openvpn command.
$ openvpn --genkey --secret <file>
Additionally, you can check for weak SSL/TLS certificates by installing openssl-blacklist via your package manager, and using the openssl-vulnkey command.
$ openssl-vulnkey /path/to/key
Please note that openssl-vulnkey only checks RSA private keys with 1024 and 2048 bit lengths. If in doubt, destroy the certificate and/or key and generate a new one. Please consult the OpenVPN documentation when recreating SSL/TLS certificates.
Additionally, if certificates have been generated for use on other systems, they must be found and replaced as well.
Affected
openvpn vulnerability on Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 LTS
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2008-0166
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N