Hello,

Will there be an e-smith patch for this?

Weakness Found in OpenSSL PRNG Algorithm
 Summary
The pseudo-random number generator (PRNG) in SSLeay/OpenSSL versions
up to 0.9.6a is weakened by a design error. Knowing the output of
specific PRNG requests (including a number of consecutive very short
PRNG requests) would allow an attacker to determine the PRNG's
internal state and thus to predict future PRNG output. Typical
applications (including applications using OpenSSL's SSL/TLS library)
are not vulnerable to this attack because PRNG requests usually happen
in larger chunks. However, it is strongly recommended to upgrade to
OpenSSL 0.9.6b, which includes a fixed PRNG. If upgrading to 0.9.6b is
not immediately possible, the source code patch contained at the end
of this advisory should be applied.

-- 
Best regards,
 Bertrand
 [EMAIL PROTECTED]
 http://www.linux-nc.org
 Linux: there are worse options, but they cost more!

