Comment 5 for bug 230174

On 05/14/2008 06:23 PM, Chris K. Jester-Young wrote:
> What version of libssl0.9.8 do you have installed? If older than 0.9.8e-
> 5ubuntu3.2 (such as if you have 0.9.8e-5ubuntu3) you will continue to
> generate bad keys. This is irrespective of what version of openssh-
> server you have, which only adds checks for vulnerable keys, and does
> not affect key generation.
>

libssl0.9.8 is 0.9.8.g-4ubuntu2

No idea why my version is the newer, other than perhaps the fact that
this machine is a Dapper ==> Edgy ==> Fiesty ==> Gutsy updated/upgraded
machine and at one point I may have attempted to install a Hardy package
that brought it in.

I'll bring in 0.9.8e-5ubutu3.1 and see if that makes a difference....

Well via Synaptic the only version is

libssl0.9.8-dbg:
  Depends: libssl0.9.8 (=0.9.8e-5ubuntu3.2) but 0.9.8g-4ubuntu3 is to be
installed

So that didn't work. Try again:
http://packages.ubuntu.com/gutsy/i386/libssl0.9.8/download
====
Not Found

The requested URL
/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.1_i386.deb was
not found on this server.
====

deb http://security.ubuntu.com/ubuntu gutsy-security main
added, and the result is:

$ sudo apt-get install --reinstall libssl0.9.8
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reinstallation of libssl0.9.8 is not possible, it cannot be downloaded.

Suggestions?