Last Updated: 2008-05-16 21:56:23 UTC
by Daniel Wesemann (Version: 1)
The Debian/Ubuntu SSL problem by now has sufficient media attention. Once the big security firms raise their threat level indicators, we at SANS ISC can go back to green :).
Debian Wiki has a good (and evolving) write-up on problems and resolutions: wiki.debian.org/SSLkeys
As a reminder, all systems that contain Debian/Ubuntu generated cryptographic key material are potentially vulnerable. You need to check those "authorized_keys" files for SSH on all platforms, not just on Debian.