is linux going to update and remove the broken code inserted by the NSA in the rsa PRNG?

http://www.bbc.co.uk/news/technology-24173977

http://rt.com/usa/nsa-weak-cryptography-rsa-110/

and many more examples out there on the facts:

and what can we do NOW while waiting on the kernel devs to make the changes?

I haven't seen anywhere that this PRNG was in linux.

i dont know and dont even know were to start looking for that PRNG. all i know is that i use rsa keys for keyless ssh access all the time for both personal and business use. id like to be reassured that those keys are not generated via this broken code that allows the NSA and others to just walk in when ever they damn well please.

The articles you linked are talking about a company called RSA Security, not the RSA algorithm.

Given that problems with Dual_EC_DRNG were uncovered back in 2007, it seems strange that anyone is still using it now...

See also: Who uses Dual_EC_DRBG?

Is this what is being asked about?
http://nakedsecurity.sophos.com/2013...oing-you-dont/

well as long as those backdoors are not used in Fedora/RHEL ill be abit more at ease.

We can never know for certain, but I would assume that the three-letter-agencies can break into anything you have one way or another.
I wouldn't worry though -- if they want what you have they'll take it anyway and if they don't then you're just one of a herd and the likelihood of them using you as a scapegoat is the same as for anyone else. In fact, if you do go ahead and strengthen your crypto more than most you're just drawing a target on yourself for them to label you a "terrorist" or "pedophile".
The battle is lost -- the rubber hose and water-board is more powerful than any computer.

Kind of skewed comments. Just because there is a hole in their security doesn't mean NSA put it there and the articles don't suggest it. It also doesn't mean every good hacker and hacker country isn't already aware of RSA's flawed software.

RSA seem to get as close to saying "The NSA put this back door in" as they think they can get away with.
The US agencies have made it abundantly clear in the past that they insist on a back door into any crypto and are well known for bribery, corruption and unconstitutional behaviour when looking for corporate intelligence.

Of particular note is the second link you posted because it leads to http://csrc.nist.gov/groups/STM/cavp...g/drbgval.html. OpenSSL is on the list and sure it had Dual_EC_DRBG tested but only as one out of four DBRGs, unlike McAffee and Microsoft the latter of which chose to test only two DRBGs for Windows 8 of which the comment for Dual_EC_DRBG reads "...to permit the use of FIPS 140-2 Level 1 compliant cryptography". As discussed elsewhere using Dual_EC_DRBG isn't the default for performance reasons alone so the choice must be deliberate one.