[ubuntu-uk] OpenSSL vulnerability - Normal desktop user?
James Westby
jw+debian at jameswestby.net
Tue May 13 19:51:45 BST 2008
On Tue, 2008-05-13 at 19:38 +0100, alan c wrote:
> as a normal desktop user who does not log into other machines - am I
> correct in thinking it does not affect me?
> In a terminal
> dpkg -l openssh-server
> indicates it is not installed
Hi Alan,
That indicates that you don't have a vulnerable server key, which is a
good start.
The other two things to consider are
* SSH client keys. If you don't "ssh" to other machines then you
are unlikely to have them. Check the contents of "~/.ssh/" to
make sure.
* Other OpenSSL secrets. Most common would be SSL certificates for
doing SSL, either server-side or client-side. If you don't run
a webserver the former is very unlikely, and the latter is pretty
unlikely as well.
Thanks,
James
More information about the ubuntu-uk
mailing list