'[oss-security] CVE request: weak PRNG in GNU Classpath'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE request: weak PRNG in GNU Classpath
From:       Florian Weimer <fw () deneb ! enyo ! de>
Date:       2008-12-06 10:11:31
Message-ID: 87bpvpmx4c.fsf () mid ! deneb ! enyo ! de
[Download RAW message or body]

<http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417>

The random number generator in the gnu.java.security.util.PRNG class
of GNU Classpath version 0.97.2 and earlier produces only a limited
number of distinct byte streams, which may lead to guessable
cryptographic key material and similar vulnerabilities.
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic