[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#453944: marked as done (FreeBSD: CVE-2007-6150 programming error in random number generator)



Your message dated Sat, 12 Jan 2008 18:10:10 +0100
with message-id <20080112171008.GA17754@volta.aurel32.net>
and subject line FreeBSD: CVE-2007-6150 programming error in random number generator
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: kfreebsd-5
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kfreebsd-5.

CVE-2007-6150[0]:
| The "internal state tracking" code for the random and urandom devices
| in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to
| obtain portions of previously-accessed random values, which could be
| leveraged to bypass protection mechanisms that rely on secrecy of
| those values.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

A patch for this can be found on:
http://security.freebsd.org/patches/SA-07:09/random.patch

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6150

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgp4veKQ2pKgf.pgp
Description: PGP signature


--- End Message ---
--- Begin Message ---
On Sun, Dec 02, 2007 at 03:18:59PM +0100, Nico Golde wrote:
> Package: kfreebsd-5
> Severity: grave
> Tags: security patch
> 
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for kfreebsd-5.
> 
> CVE-2007-6150[0]:
> | The "internal state tracking" code for the random and urandom devices
> | in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to
> | obtain portions of previously-accessed random values, which could be
> | leveraged to bypass protection mechanisms that rely on secrecy of
> | those values.
> 
> If you fix this vulnerability please also include the CVE id
> in your changelog entry.
> 
> A patch for this can be found on:
> http://security.freebsd.org/patches/SA-07:09/random.patch
> 
> For further information:
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6150
> 

kfreebsd-5 has been removed from the archive, and replaced by kfreebsd-6
and kfreebsd-7. Both of them have this vulnerability fixed.

Closing the bug

-- 
  .''`.  Aurelien Jarno	            | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net


--- End Message ---

Reply to: