SA25 : Implications of Debian OpenSSL Advisory for Blue Coat Customers
1154
03 March 2020
20 May 2008
CLOSED
LOW
SUMMARY
The Debian project recently announced a security issue in their OpenSSL implementation that causes the generation of weak cryptographic keys. This also affects Linux distributions derived from Debian, e.g., Ubuntu.
ISSUES
Although Blue Coat products are not derived from Debian (and do not have the Debian-specific OpenSSL error), the security of Blue Coat products can be affected if weak keys have been imported, for example as an SSH client key or an externally generated certificate. Keys generated on Blue Coat products are not at risk; only keys generated on vulnerable Debian-based systems and imported onto Blue Coat products need to be replaced. So, for example, SSH client keys on ProxySG might need to be replaced, but the SSH host key on ProxySG does not. Blue Coat Systems, Inc. suggests that customers include their Blue Coat products in the list of systems that should be considered in following the remediation procedures announced by the Debian project.
See the links below for more details.
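One way to triage imported SSH client keys, shown as an added example that is not Blue Coat or Debian tooling: compute each public key's MD5 fingerprint and compare it with a weak-key list. It assumes the keys are available as OpenSSH public-key lines and that the operator supplies the list as full MD5 fingerprints or trailing fragments of them; all names and sample data are constructed.

```python
import base64
import binascii
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # key types in use when the advisory was issued

def _blob(key_type, *fields):
    """Build a constructed SSH wire-format blob (length-prefixed fields) for sample data."""
    parts = [key_type.encode()] + list(fields)
    raw = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return base64.b64encode(raw).decode()

def md5_fingerprint(line):
    """Return (hex MD5 of the decoded key blob, comment), or None if no valid key."""
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok in KEY_TYPES:  # skips any leading authorized_keys options
            try:
                blob = base64.b64decode(tokens[i + 1], validate=True)
            except (binascii.Error, ValueError):
                return None
            digest = hashlib.md5(blob, usedforsecurity=False).hexdigest()
            return digest, " ".join(tokens[i + 2:])
    return None

def audit(lines, weak):
    """Return [(comment, fingerprint)] for keys whose fingerprint ends with a list entry."""
    weak = {w.strip().lower().replace(":", "") for w in weak if w.strip()}
    flagged = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parsed = md5_fingerprint(line)
        if parsed and any(parsed[0].endswith(w) for w in weak):
            flagged.append((parsed[1], parsed[0]))
    return flagged

# Constructed sample data: fake key material, not real keys.
SAMPLE_KEYS = [
    "ssh-rsa " + _blob("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xaa" * 16) + " admin@debian-workstation",
    'from="10.0.0.5" ssh-rsa ' + _blob("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xbb" * 16) + " backup@appliance",
    "# comment line",
    "ssh-rsa not-base64!! broken@entry",
]
WEAK_LIST = [md5_fingerprint(SAMPLE_KEYS[0])[0][12:]]  # constructed truncated entry

if __name__ == "__main__":
    for comment, fp in audit(SAMPLE_KEYS, WEAK_LIST):
        print(f"REPLACE: {comment} (md5 {fp})")
```

A key that is not flagged is only absent from the list supplied; keys of uncertain origin are still candidates for replacement under the Debian rollover procedures.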
REFERENCES
Debian OpenSSL Advisory: https://www.debian.org/security/2008/dsa-1571
Debian OpenSSH Advisory: https://www.debian.org/security/2008/dsa-1576
Debian Key Rollover procedures: https://www.debian.org/security/key-rollover/
Debian Wiki: https://wiki.debian.org/SSLkeys