Security Advisories

May 20, 2008 - IMPLICATIONS OF DEBIAN OPENSSL ADVISORY FOR BLUE COAT CUSTOMERS

Security Advisories ID:    SA25
Version:    1.0
Status:    Published
Published date:    03/09/2009
 

Advisory Severity

Varies (depends on use of Debian-generated keys)

Details

The Debian project recently announced a security issue in their OpenSSL implementation that causes the generation of weak cryptographic keys.  This also affects Linux distributions derived from Debian, e.g., Ubuntu.

See the links below for more details.

Although Blue Coat products are not derived from Debian (and do not have the Debian-specific OpenSSL error), the security of Blue Coat products can be affected if weak keys have been imported, for example as an ssh client key or an externally generated certificate.

Note that keys generated on Blue Coat products are not at risk, only keys generated on vulnerable Debian-based systems and imported onto Blue Coat products need to be replaced.  So, for example, ssh client keys on ProxySG might need to be replaced, but the ssh host key on ProxySG does not.

Blue Coat Systems, Inc. suggests that customers include their Blue Coat products in the list of systems that should be considered in following the remediation procedures announced by the Debian project.

References


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question