IMPLICATIONS OF DEBIAN OPENSSL ADVISORY FOR BLUE COAT CUSTOMERS

Back to all Security AdvisoriesSubscribe
Security Advisories ID: 
SA25
Published Date: 
May 20, 2008
Advisory Status: 
Final
Advisory Severity: 
Low
The Debian project recently announced a security issue in their OpenSSL implementation that causes the generation of weak cryptographic keys. This also affects Linux distributions derived from Debian, e.g., Ubuntu. See the links below for more details. Although Blue Coat products are not derived from Debian (and do not have the Debian-specific OpenSSL error), the security of Blue Coat products can be affected if weak keys have been imported, for example as an ssh client key or an externally generated certificate. Note that keys generated on Blue Coat products are not at risk, only keys generated on vulnerable Debian-based systems and imported onto Blue Coat products need to be replaced. So, for example, ssh client keys on ProxySG might need to be replaced, but the ssh host key on ProxySG does not. Blue Coat Systems, Inc. suggests that customers include their Blue Coat products in the list of systems that should be considered in following the remediation procedures announced by the Debian project.
References: 
Feedback