Last Updated: 2011-02-05 22:01:03 UTC
by Guy Bruneau (Version: 1)
If generating a legacy certificate using the "-t" option, a vulnerability could be exploited by attackers to gain knowledge of sensitive information. If legacy certificates have been issued using OpenSSH version 5.6/5.7, consider rotating any CA key used. OpenSSH recommend upgrading to version 5.8 available here or apply this patch.
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu