Package: src:kfreebsd-9 Version: 9.2-1 Severity: important Tags: security X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>, Debian Testing Security Team <secure-testing-t...@lists.alioth.debian.org> Control: found -1 9.0-10+deb70.5 Control: found -1 9.0~svn223109-0.1 Control: clone -1 -2 Control: reassign -2 src:kfreebsd-8/8.3-6 Control: found -2 8.2-1 Control: found -2 8.0-1
The kernel of FreeBSD since 5.3 supports the Nehemiah RNG in 32-bit VIA Eden CPU cores. Where available, it is used as the sole provider of /dev/{,u}random (after some post-processing in hardware). This affects 32-bit Debian kfreebsd-8 and kfreebsd-9 packages. Since first being uploaded to sid, kfreebsd-10 had already reworked this (in SVN r256381) to feed hardware RNGs into Yarrow along with other entropy sources, so they can be safely used. Additionally, support for the RNG in 64-bit Via Nano CPU cores was added to 64-bit builds of kfreebsd-9, version 9.1 and later. I've no reason to think that VIA or its chip design subsidiary, both Taiwanese-owned, were involved in the recently disclosed US NSA anti-encryption programs. But it is clear now that we should not rely exclusively on hardware RNGs any more. This will likely be fixed in stable by disabling this RNG by default, as upstream have done in stable/8 and stable/9. In jessie/sid, kfreebsd-9 may soon be superseded by kfreebsd-10. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: kfreebsd-amd64 (x86_64) Kernel: kFreeBSD 9.0-2-amd64-xenhvm Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org