FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f8c88d50-5fb3-11e4-81bd-5453ed2e2b49	libssh -- PRNG state reuse on forking servers Aris Adamantiadis reports: When accepting a new connection, the server forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. Discovery 2014-03-05 Entry 2014-10-29 libssh < 0.6.3 CVE-2014-0017 http://www.openwall.com/lists/oss-security/2014/03/05/1 http://secunia.com/advisories/57407

VuXML ID

Description

f8c88d50-5fb3-11e4-81bd-5453ed2e2b49

libssh -- PRNG state reuse on forking servers

Aris Adamantiadis reports:

When accepting a new connection, the server forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique.

Discovery 2014-03-05
Entry 2014-10-29
libssh

< 0.6.3

CVE-2014-0017
http://www.openwall.com/lists/oss-security/2014/03/05/1
http://secunia.com/advisories/57407