As you may know, a vulnerability has been found in recent openssl and
openssh packages in Debian-based distros:
http://metasploit.com/users/hdm/tools/debian-openssl/
In eBox's case, only the Ubuntu-based installations are vulnerable. The
older Debian-based ones had a correct openssl version.
First, you need to upgrade to the new openssl and ssh packages. You can
use these commands to do so:
apt-get update
apt-get install openssl ssh
There are two affected eBox components:
- eBox HTTPS server certificate
- eBox CA certificates
- eBox HTTPS server certificate
You can create a new server certificate by following these steps:
- sudo rm -rf /var/lib/ebox/conf/ssl*
- sudo /usr/share/ebox/ebox-create-certificate
- sudo /etc/init.d/ebox apache restart
On the next connection to the web interface, your browser will ask
you to accept the new certificate.
- eBox CA certificates
There is no easy fix here; you will need to go to the web interface
and renew the CA. This will renew the CA's certificates.
If you are using OpenVPN, you will need to distribute the new
certificates, and the current connections will be stopped.
As a last note, I remind you that any openssl or ssh certificate
created on an Ubuntu-based eBox is unsafe and you need to
revoke/renew/delete it.
Cheers,
Javier
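
An added example, not part of the original message or of eBox: a shell check that lists the certificates under a directory whose validity began before the fixed openssl package was installed, as candidates for the revoke/renew/delete step above. The directory and the cutoff time are supplied by the reader, the script name is hypothetical, and GNU date is assumed.

```shell
#!/bin/sh
# Added example (not eBox code). Lists PEM certificates whose notBefore date
# is earlier than a cutoff, i.e. certificates issued before the fixed openssl
# package was installed on this host.
#
# Caveat: notBefore is the issue time of the certificate, not the creation
# time of its key. A certificate reissued around an old key still carries the
# old key, so treat this as a list of candidates, not as proof of safety.

# cert_start_epoch FILE
# Print the certificate's notBefore as Unix epoch seconds; fail if FILE is
# not a readable PEM certificate.
cert_start_epoch() {
    start=$(openssl x509 -in "$1" -noout -startdate 2>/dev/null) || return 1
    # openssl prints "notBefore=<date> GMT"; strip the label for date(1).
    date -u -d "${start#notBefore=}" +%s
}

# certs_issued_before DIR CUTOFF_EPOCH
# Print every certificate file under DIR with notBefore < CUTOFF_EPOCH.
certs_issued_before() {
    dir=$1
    cutoff=$2
    find "$dir" -type f 2>/dev/null | while IFS= read -r f; do
        # Private keys and other non-certificate files are skipped.
        epoch=$(cert_start_epoch "$f") || continue
        if [ "$epoch" -lt "$cutoff" ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# Usage (placeholders; the cutoff is the time you installed the fixed package):
#   sh audit-certs.sh <certificate directory> "$(date -d 'YYYY-MM-DD HH:MM' +%s)"
if [ "$#" -eq 2 ]; then
    certs_issued_before "$1" "$2"
fi
```

Anything this prints should go through the renewal steps above; an empty result after regeneration confirms the new certificates were issued after the upgrade.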