Fedora Contributors,
Recently, there has been a lot of news about the vulnerability
impacting the Debian and Debian-derived OpenSSL Random Number
Generator[1]. While Fedora's OpenSSL did not contain this
vulnerability, we are potentially impacted by it. If you generated
your key on an affected Debian-based[2] system then you need to
regenerate and replace your SSH key(s) on all systems you access
with those keys. Instructions for how to do that for Fedora
are here. [3]
As a general rule, if you do not know when/where you created your
key or whether you have ever authenticated to a Debian-based
system then replace any and all ssh keys you use. This is a
good plan for all ssh keys, independent of whether or not they
are used in the Fedora infrastructure.
We would appreciate your prompt attention to this matter.
Sincerely,
Fedora Infrastructure Team
[1]
http://lists.debian.org/debian-security-announce/2008/msg00152.html
[2] Debian, Ubuntu, Knoppix, etc.
[3]
http://fedoraproject.org/wiki/Infrastructure/ReplacingSSHKey