aru Posted January 26, 2006 Report Share Posted January 26, 2006 Mandriva Advisories MDKSA-2006:023 : perl-Net_SSLeay Updated perl-Net_SSLeay packages fix vulnerability January 26th, 2006 Javier Fernandez-Sanguino Pena discovered that the perl Net::SSLeay module used the file /tmp/entropy as a fallback entropy source if a proper source was not set via the environment variable EGD_PATH.This could potentially lead to weakened cryptographic operations if an attacker was able to provide a /tmp/entropy file with known content. The updated packages have been patched to correct this problem. The released versions of Mandriva GNU/Linux affected are: 10.1 CS3.0 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:023 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0106 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts