random number generator

In May of 2008, researchers found a flaw in the Debian GNU/Linux operating system's random number generator, making any OpenSSL keys generated during the past 20 months so predictable that they could be ...

In May of 2008, researchers found a flaw in the Debian GNU/Linux operating system's random number generator, making any OpenSSL keys generated during the past 20 months so predictable that they could be correctly guessed in a matter of hours.

CentOS has updated libxslt (heap buffer overflow).

Debian has updated newsx (arbitrary code execution).

Fedora 9 has updated trac (multiple vulnerabilities), asterisk (multiple vulnerabilities), phpmyadmin (cross-site framing vulnerability) and pdns-recursor (weak random number generator).

billybob2 writes "VIA has published three programming guides that total 800 pages in length and cover their PadLock, CX700, and VX800/820 technologies.

The VIA PadLock provides a random number generator, an advanced cryptography engine, and RSA algorithm computations.

The VX800 chipset was VIA's first Integrated Graphics Processor, while the CX700 is a System Media Processor designed for the mobile market.

Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. As a result, cryptographic key material may be guessable.

Systems other than Debian can be indirectly affected if weak keys are imported into them.

A very dangerous security bug discovered in openssl debian/ubuntu packages. The random number generator in Debian's openssl package is predictable.

A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems.

As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system.

T

According to an announcement on the debian.org security lists, a flaw in the random number generator of debian's openssl package has the potential to make any cryptographic key material generated by it guessable.

This flaw could potentially compromise thousands of SSL certificates.

Debian has updated phpgedview (privilege escalation), gnutls (several vulnerabilities).

Mandriva has updated libid3tag (infinite loop).

Red Hat has updated the kernel (multiple DoS vulnerabilities), gnutls (RHEL5, RHEL4: several vulnerabilities).

A severe vulnerability was found in the random number generator (RNG)of the Debian OpenSSL package, starting with version 0.9.8c-1 (andsimilar packages in derived distributions such as Ubuntu).

While thisbug is not present in the OpenSSL packages provided by CentOS, it maystill affect CentOS users.