I think the mantra "don't fix bugs that you don't understand" by Ben Laurie (as linked by randombit, thx) is a really important message to take away from this debacle.
I think this particularly applies to anything the OpenSSL guys produce. Their security track record (and understanding of software security) is almost certainly better than yours, regardless of who you are.
It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch.
grrrrrrrrr
I hope rapidSSL.com will re-sign my new SSL certificate for free. I just had my latest cert issued on April 28th.
Worst type of bug that could possibly exist, and unnoticed by the general public for so long. Incredible. Something like this could trivially be detected with basic prng tests. I'm certain that there are groups that discovered this long ago!
It is a worst type of "bug" because it seems intentional: the implications are enormous, the temptation is simply too big.
Remember the "netscape" crypto lib (ssl huh...)? With half-key repositories, weak rnd generators, "bugs". This doesn't happen so often by accident. Particularly after having been recognized.
http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html
I'm running Ubuntu 8.04, and the updated packages came down the pipe this morning. That's a nasty issue. I'm glad I didn't have anything depending on my keys.
