Bug#930659: libapache-session-perl: poor source of entropy for session id generation

2019-06-19 Thread Xavier
On 18/06/2019 at 09:56, Xavier wrote: > On 18/06/2019 at 09:46, Xavier wrote: >> On 17/06/2019 at 22:44, Raphael Geissert wrote: >>> Package: libapache-session-perl >>> Version: 1.93-3 >>> Severity: important >>> Tags: security >>> >>> Hi, >>> >>> As discussed in oss-security[1],

Bug#930659: libapache-session-perl: poor source of entropy for session id generation

2019-06-18 Thread Xavier
On 18/06/2019 at 09:46, Xavier wrote: > On 17/06/2019 at 22:44, Raphael Geissert wrote: >> Package: libapache-session-perl >> Version: 1.93-3 >> Severity: important >> Tags: security >> >> Hi, >> >> As discussed in oss-security[1], libapache-session-perl uses a poor >> source of entropy in

Bug#930659: libapache-session-perl: poor source of entropy for session id generation

2019-06-18 Thread Xavier
On 17/06/2019 at 22:44, Raphael Geissert wrote: > Package: libapache-session-perl > Version: 1.93-3 > Severity: important > Tags: security > > Hi, > > As discussed in oss-security[1], libapache-session-perl uses a poor > source of entropy in Apache::Session::Generate::MD5. The critical part >

Bug#930659: libapache-session-perl: poor source of entropy for session id generation

2019-06-17 Thread Raphael Geissert
Package: libapache-session-perl Version: 1.93-3 Severity: important Tags: security Hi, As discussed in oss-security[1], libapache-session-perl uses a poor source of entropy in Apache::Session::Generate::MD5. The critical part is moving away from rand (e.g. to using urandom), but it would also be