ALT-PU-2014-1366-1
Closed vulnerabilities
Published: 2014-08-10
BDU:2015-09759
Уязвимость операционной системы Gentoo Linux, позволяющая злоумышленнику нарушить конфиденциальность защищаемой информации
Severity: LOW (1.9)
References:
Published: 2014-03-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-0017
The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.
Severity: LOW (1.9)
References:
- openSUSE-SU-2014:0366
- openSUSE-SU-2014:0366
- openSUSE-SU-2014:0370
- openSUSE-SU-2014:0370
- 57407
- 57407
- DSA-2879
- DSA-2879
- http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/
- http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/
- [oss-security] 20140305 libssh and stunnel PRNG flaws
- [oss-security] 20140305 libssh and stunnel PRNG flaws
- USN-2145-1
- USN-2145-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1072191
- https://bugzilla.redhat.com/show_bug.cgi?id=1072191