Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 Jul 2014 11:13:44 +0200
From: Hanno Böck <>
Subject: CVE request: libressl before 2.0.2 under linux PRNG failure


This has made the news lately:

Should get a CVE. Affected is portable libressl 2.0.0 and 2.0.1 on
Linux. 2.0.2 has been released:

Under certain conditions forking a process can create repeated random

LibreSSL 2.0.2 contains a workaround, although the reporter of this
issue thinks this may not be the best approach.

Please assign CVE.

Hanno Böck - freier Journalist
E-Mail/Jabber:		PGP-Key: BBB51E42

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ