Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure
From: Stuart Henderson <stu () spacehopper org>
Date: Fri, 18 Jul 2014 21:01:27 +0100

https://www.agwa.name/blog/post/libressls_prng_is_unsafe_on_linux

forking a process can create repeated random numbers

Please assign CVE.

The existence of a popular blog post discussing a number of
interrelated LibreSSL and OpenSSL issues doesn't mean that we have a
good way to proceed by assigning a single CVE ID.

I see a number of web pages relating to this issue are mentioning that
it has already been assigned CVE-2014-2970, can anyone throw light on this?


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]