SUMMARY

The Debian project recently announced a security issue in their OpenSSL implementation that causes the generation of weak cryptographic keys. This also affects Linux distributions derived from Debian, e.g., Ubuntu.

ISSUES

Although Blue Coat products are not derived from Debian (and do not have the Debian-specific OpenSSL error), the security of Blue Coat products can be affected if weak keys have been imported, for example as an ssh client key or an externally generated certificate. Note that keys generated on Blue Coat products are not at risk, only keys generated on vulnerable Debian-based systems and imported onto Blue Coat products need to be replaced. So, for example, ssh client keys on ProxySG might need to be replaced, but the ssh host key on ProxySG does not. Blue Coat Systems, Inc. suggests that customers include their Blue Coat products in the list of systems that should be considered in following the remediation procedures announced by the Debian project.

See the links below for more details.

REFERENCES

Debian OpenSSL Advisory: https://www.debian.org/security/2008/dsa-1571
Debian OpenSSH Advisory: https://www.debian.org/security/2008/dsa-1576
Debian Key Rollover procedures: https://www.debian.org/security/key-rollover/
Debian Wiki: https://wiki.debian.org/SSLkeys