what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Mandriva Linux Security Advisory 2014-053 https://packetstormsecurity.com/files/125694/MDVSA-2014-053.txt https://packetstormsecurity.com/files/125694/MDVSA-2014-053.txt https://packetstormsecurity.com/files/125694/Mandriva-Linux-Security-Advisory-2014-053.html Thu, 13 Mar 2014 21:23:44 GMT Mandriva Linux Security Advisory 2014-053 - When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id to the PRNG state, which is not guaranteed to be unique. The most important consequence is that servers using EC or DSA certificates may under certain conditions leak their private key.

Related Files

No related files
packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close