CVE for OpenBSD random() bug?
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 21 Mar 2012 22:51:13 -0600
Fix a bug where random() always returns 0 when srandom() is seeded
with 0. Use 1 and not 0 as the first element of the state array,
similar to what glibc does. OK nicm@
It would seem this fits into the "weaker than advertised" class of
security problem. Thoughts/comments (anyone strongly against this)?
Kurt Seifried Red Hat Security Response Team (SRT)
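
The failure mode described in the commit message above, as an added example (not OpenBSD's code and not part of the original post): a simplified model of an additive-feedback generator whose state array is filled from the seed by a multiplicative recurrence. The state size, tap lag, multiplier 16807 and all function names are assumptions chosen for the model.

```c
#include <stdint.h>
#include <stdio.h>

#define DEG 31  /* number of state words (assumed for this model) */
#define SEP 3   /* distance between the two taps (assumed) */

struct model_rng {
    uint32_t state[DEG];
    int f, r;   /* front and rear tap indices */
};

/* Fill the state from the seed. Every word is a multiple of state[0],
 * so state[0] == 0 makes the whole array zero. fix_zero applies the
 * patched behaviour: use 1, not 0, as the first element. */
static void model_srandom(struct model_rng *g, uint32_t seed, int fix_zero)
{
    g->state[0] = (fix_zero && seed == 0) ? 1 : seed;
    for (int i = 1; i < DEG; i++)
        g->state[i] = (uint32_t)((16807ULL * g->state[i - 1]) % 2147483647ULL);
    g->f = SEP;
    g->r = 0;
}

/* Additive feedback step: an all-zero state only ever adds 0 to 0. */
static uint32_t model_random(struct model_rng *g)
{
    g->state[g->f] += g->state[g->r];
    uint32_t out = g->state[g->f] >> 1;
    g->f = (g->f + 1) % DEG;
    g->r = (g->r + 1) % DEG;
    return out;
}

/* Count how many of the first n outputs are non-zero. */
static int nonzero_outputs(uint32_t seed, int fix_zero, int n)
{
    struct model_rng g;
    int count = 0;
    model_srandom(&g, seed, fix_zero);
    for (int i = 0; i < n; i++)
        count += (model_random(&g) != 0);
    return count;
}

int main(void)
{
    printf("seed 0, unpatched: %d non-zero of 100\n", nonzero_outputs(0, 0, 100));
    printf("seed 0, patched:   %d non-zero of 100\n", nonzero_outputs(0, 1, 100));
    return 0;
}
```

With the fix, seed 0 produces the same stream as seed 1, so the two seeds are no longer distinct inputs.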