LHT (Thawte's Hour)

*****************************************************************************************
Linux Operating System Security Flaws May Have Compromised Your Certificates.  
Replace Them Now at No Charge.
*****************************************************************************************
Dear Ramiro,

We are writing to inform you of a recently exposed security flaw with certain versions of Linux so you may 
take immediate action and protect your site and your customers against any vulnerability. If you are not 
using Debian or one of its derivatives there is nothing you need to do.

WHO IS IMPACTED AND WHY?
For customers who used a Debian OS (or its derivatives) to generate a key pair used to request a 
certificate, that key pair (and the corresponding certificate) is vulnerable. This is due to a flaw in the 
Debian-specific random number generation that results in relatively predictable key pair values, making 
them highly exploitable.

thawte's trusted root and intermediate roots were not impacted by this incident.

WHAT CAN YOU DO?
If you are running Debian operating systems and derivatives (such as Ubuntu) released between 
September 17, 2006 and May 12, 2008 you should deploy a recently replaced Debian patch and revoke 
and replace all SSL and code signing certificates for which keys were created on these operating 
systems.  Debian has released a testing tool to confirm whether your certificates are affected. 
This tool and other useful information can be found here:
http://lists.debian.org/debian-security-announce/2008/msg00152.html

Sincerely,
Chris Babel
Senior Vice President, SSL
thawte

Hmm, really? xDD