Just the other day, CERT announced an OpenSSL vulnerability in the random number generator used by OpenSSL and Debian and Ubuntu systems. According to the vulnerability:
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates. This vulnerability only affects operating systems which (like
Ubuntu) are based on Debian. However, other systems can be
indirectly affected if weak keys are imported into them.
So for those who are using ubuntu like myself, you might want to update libssl and then
regen those keys/certs. More information can be found here.
