====== OpenSSL vulnerability in Debian Etch and Ubuntu ======

A vulnerability involving predictable random numbers has been discovered in the OpenSSL packages included with Debian Etch and Ubuntu systems. This vulnerability affects all software which makes use of SSL/TLS encrypted connections, including Citadel. Please see http://lists.debian.org/debian-security-announce/2008/msg00152.html for more detailed information.

In order to patch the OpenSSL vulnerability, issue this command:

  apt-get update; apt-get upgrade

Afterwards, you should regenerate your private keys in SSL/TLS enabled applications, such as Citadel. The procedure for doing so on a Citadel installation using the Debian package is:

  rm -f /etc/ssl/citadel/*

For an Easy Install system, it is:

  rm -f /usr/local/citadel/keys/*

Then restart Citadel to make it generate new keys. If you are making use of certificates signed by a certificate authority, you will need to submit a new CSR to them for re-signing.

Naturally, if you are also running OpenSSH on your server, you will need to regenerate keys for that as well.
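To confirm after the restart that no key file left on disk predates the upgrade, the following added example (not part of the original page or of Citadel) lists files in the key directories that are not newer than a marker file. The function names and the marker path ''/root/openssl-upgraded'' are assumptions; the marker is a file you create with ''touch'' immediately after ''apt-get upgrade'' completes.

```shell
#!/bin/sh
# Added example: find key files written before the patched OpenSSL was installed.
#
# stale_keys MARKER DIR [DIR...]
#   MARKER  file whose mtime is the moment the upgrade finished
#           (assumption: created by hand with `touch` right after the upgrade)
#   DIR     key directories, e.g. /etc/ssl/citadel or /usr/local/citadel/keys
# Prints one path per line for every regular file not newer than MARKER.
stale_keys() {
    ref=$1; shift
    [ -e "$ref" ] || { echo "stale_keys: no marker file: $ref" >&2; return 2; }
    for dir in "$@"; do
        # Skip directories that do not exist on this install type
        # (package installs have no Easy Install directory and vice versa).
        [ -d "$dir" ] || continue
        find "$dir" -type f ! -newer "$ref" -print
    done
}

# check_keys MARKER DIR [DIR...]
# Returns 0 if every file is newer than MARKER, 1 if any file still has to
# be regenerated, 2 if the marker file is missing.
check_keys() {
    stale=$(stale_keys "$@") || return 2
    if [ -n "$stale" ]; then
        printf 'written before the upgrade, regenerate these:\n%s\n' "$stale"
        return 1
    fi
    echo "all key files are newer than the upgrade marker"
}

# Typical call (hypothetical marker path, directories from this page):
#   check_keys /root/openssl-upgraded /etc/ssl/citadel /usr/local/citadel/keys
```

The check compares modification times only, so a key or certificate copied in after the upgrade from a host that was still unpatched will pass it; such files have to be tracked by where they were generated.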