oss-sec mailing list archives
Re: FreeBSD: URGENT: RNG broken for last 4 months
From: Loganaden Velvindron <loganaden () gmail com>
Date: Wed, 18 Feb 2015 10:33:59 +0400
On Wed, Feb 18, 2015 at 10:22 AM, Kurt Seifried <kseifried () redhat com> wrote:
https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054580.html
Hi Kurt,
From the follow-up mails it seems to affect FreeBSD-current only.
(See: https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054581.html)
If you are running a current kernel r273872 or later, please upgrade your kernel to r278907 or later immediately and regenerate keys.
I discovered an issue where the new framework code was not calling randomdev_init_reader, which means that read_random(9) was not returning good random data. read_random(9) is used by arc4random(9) which is the primary method that arc4random(3) is seeded from. This means most/all keys generated may be predictable and must be regenerated. This includes, but not limited to, ssh keys and keys generated by openssl.
This is purely a kernel issue, and a simple kernel upgrade w/ the patch is sufficient to fix the issue.
-- John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
=======
I assume this needs a CVE, I know technically it didn't involve a release but quite a few people run -current (and it's a 4 month affected window), so if we're assigning CVE's to stuff hosted in github, then it seems fair that this should get one.
-- Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-- This message is strictly personal and the opinions expressed do not represent those of my employers, either past or present.
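
The advisory quoted in this thread gives an affected revision range and asks for keys to be regenerated. The following triage helper is an added example, not part of the thread or of FreeBSD. It assumes the kernel revision appears in `uname -v` as a token like `r278907:`, and that MARKER is a hypothetical file whose mtime you set (with `touch -t`) to when the host first booted an affected kernel.

```shell
#!/bin/sh
# Added example: triage helper for the advisory quoted above.
FIRST_BAD=273872    # first affected -current revision (from the advisory)
FIRST_FIXED=278907  # first revision carrying the fix (from the advisory)

# kernel_rev STRING: print the svn revision found in a `uname -v` style string.
# Assumption: the revision is a standalone token such as "r278907:" or "r278907M:".
kernel_rev() {
    printf '%s\n' "$1" | tr ' :' '\n\n' | grep -E '^r[0-9]+M?$' | head -n 1 | tr -d 'rM'
}

# classify_kernel STRING: print affected | fixed | predates | unknown.
classify_kernel() {
    rev=$(kernel_rev "$1")
    if [ -z "$rev" ]; then
        echo unknown
    elif [ "$rev" -lt "$FIRST_BAD" ]; then
        echo predates
    elif [ "$rev" -lt "$FIRST_FIXED" ]; then
        echo affected
    else
        echo fixed
    fi
}

# keys_to_review DIR MARKER: list SSH private host keys in DIR modified after MARKER.
keys_to_review() {
    find "$1" -type f -name 'ssh_host_*_key' -newer "$2" | sort
}

# Report on the running kernel; prints "unknown" on hosts without an r<N> token.
classify_kernel "$(uname -v)"
```

A result of `fixed` describes only the running kernel: keys created while the host ran an affected revision still appear in `keys_to_review` output and still need regenerating, as the advisory states.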