Initial Publication Date: Advisory Status: Advisory Severity: Legacy ID
20 May 2008 Closed Low
The Debian project recently announced a security issue in their OpenSSL implementation that causes the generation of weak cryptographic keys. This also affects Linux distributions derived from Debian, e.g., Ubuntu.
Although Blue Coat products are not derived from Debian (and do not have the Debian-specific OpenSSL error), the security of Blue Coat products can be affected if weak keys have been imported, for example as an ssh client key or an externally generated certificate. Note that keys generated on Blue Coat products are not at risk, only keys generated on vulnerable Debian-based systems and imported onto Blue Coat products need to be replaced. So, for example, ssh client keys on ProxySG might need to be replaced, but the ssh host key on ProxySG does not. Blue Coat Systems, Inc. suggests that customers include their Blue Coat products in the list of systems that should be considered in following the remediation procedures announced by the Debian project.