LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Wednesday, February 18th, 2015

    Time Event
    2:28p
    FreeBSD random number generator broken for last 4 months
    As several LWN readers have pointed out, John-Mark Gurney posted a message to the freebsd-current mailing list on February 17 noting that the random number generator (RNG) in the FreeBSD "current" kernel has been broken for the last four months. "If you are running a current kernel r273872 or later, please upgrade
    your kernel to r278907 or later immediately and regenerate keys. I discovered an issue where the new framework code was not calling
    randomdev_init_reader, which means that read_random(9) was not returning
    good random data. read_random(9) is used by arc4random(9) which is
    the primary method that arc4random(3) is seeded from.

    This means most/all keys generated may be predictable and must be
    regenerated. This includes, but not limited to, ssh keys and keys
    generated by openssl. This is purely a kernel issue, and a simple
    kernel upgrade w/ the patch is sufficient to fix the issue.    "
    4:54p
    Security advisories for Wednesday

    Fedora has updated file (F21: multiple vulnerabilities).

    Gentoo has updated chromium (multiple vulnerabilities).

    Mageia has updated dbus (denial of service), glibc (two vulnerabilities), kernel (multiple vulnerabilities), patch (multiple vulnerabilities), postgresql (multiple vulnerabilities), and x11-server (information leak/denial of service).

    openSUSE has updated mdadm (13.2: command injection).

    Ubuntu has updated php5 (14.10, 14.04, 12.04: multiple vulnerabilities) and unzip (14.10, 14.04, 12.04: code execution).

    << Previous Day 2015/02/18
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org