Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#36640 - [openssl] Rand Number Generator produces equal number sequences for forked processes with equal PID
Attached to Project:
Arch Linux
Opened by Lennart Riecken (lriecken) - Thursday, 22 August 2013, 21:18 GMT
Last edited by Pierre Schmitz (Pierre) - Saturday, 02 November 2013, 20:49 GMT
Details

The problem with the OpenSSL Random Number Generator creating predictable numbers after forking the process, illustrated in this blog posting, also applies to Arch Linux's OpenSSL version.
http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe/
Closed by Pierre Schmitz (Pierre)
Saturday, 02 November 2013, 20:49 GMT
Reason for closing: Upstream
pid=29776 \x85\xdc\x10\x73
pid=29776 \xaf\x78\xad\xfe
Running this on Ubuntu 12.04 shows the vulnerability:
pid=22184 \xa1\x76\x29\xc1
pid=22184 \xa1\x76\x29\xc1
pid=2650 \xcd\xce\x97\x80
pid=2650 \xcd\xce\x97\x80
Really nothing for Arch to do until openssl upstream releases a patch.
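
The failure mode reported in this task, as a simplified model added here for illustration; it is not code from the report, the linked blog post, or OpenSSL. `ToyPool`, `children_outputs` and the seed are constructed, and the model assumes the parent draws nothing from the pool between forks, so two children that receive the same PID start from identical state.

```python
import copy
import hashlib
import os


class ToyPool:
    """Simplified model, not OpenSSL's code: the PID is the only
    per-process input mixed in when output is generated."""

    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(seed).digest()

    def fork(self) -> "ToyPool":
        # fork() hands the child an exact copy of the parent's PRNG state.
        return copy.deepcopy(self)

    def reseed(self, entropy: bytes) -> None:
        self.state = hashlib.sha256(b"seed" + self.state + entropy).digest()

    def rand_bytes(self, n: int, pid: int) -> bytes:
        pid_bytes = pid.to_bytes(4, "little")
        out = b""
        while len(out) < n:
            out += hashlib.sha256(b"out" + self.state + pid_bytes).digest()
            self.state = hashlib.sha256(b"next" + self.state + pid_bytes).digest()
        return out[:n]


def children_outputs(pids, reseed_in_child, n=4):
    """Fork one child per PID from an idle parent and return each child's
    first n random bytes."""
    parent = ToyPool(b"constructed seed")  # constructed sample seed
    outputs = []
    for pid in pids:
        child = parent.fork()  # assumption: parent draws nothing in between
        if reseed_in_child:
            # Mitigation: mix fresh kernel entropy into the child's copy.
            child.reseed(os.urandom(32))
        outputs.append(child.rand_bytes(n, pid))
    return outputs


if __name__ == "__main__":
    for label, reseed in (("inherited state", False), ("reseeded child", True)):
        first, second = children_outputs([22184, 22184], reseed)
        print(f"{label}: pid=22184 {first.hex()} / pid=22184 {second.hex()}")
```

Without the reseed, the two children with the reused PID emit the same bytes, matching the duplicated lines in the outputs above; with kernel entropy mixed in after the fork they diverge.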