From Mageia wiki
Jump to: navigation, search

MGASA-2012-0338

Date: November 23rd, 2012
Affected releases: 1


Description:
Updated erlang packages fixes security vulnerability:

The random number generator in the Crypto application before 2.0.2.2,
and SSH before 2.0.5, as used in the Erlang/OTP ssh library before
R14B03, uses predictable seeds based on the current time, which makes
it easier for remote attackers to guess DSA host and SSH session keys
(CVE-2011-0766).


Updated Packages:
erlang-appmon-R14B03-1.mga1
erlang-asn1-R14B03-1.mga1
erlang-base-R14B03-1.mga1
erlang-common_test-R14B03-1.mga1
erlang-compiler-R14B03-1.mga1
erlang-cosEventDomain-R14B03-1.mga1
erlang-cosEvent-R14B03-1.mga1
erlang-cosFileTransfer-R14B03-1.mga1
erlang-cosNotification-R14B03-1.mga1
erlang-cosProperty-R14B03-1.mga1
erlang-cosTime-R14B03-1.mga1
erlang-cosTransactions-R14B03-1.mga1
erlang-crypto-R14B03-1.mga1
erlang-debugger-R14B03-1.mga1
erlang-devel-R14B03-1.mga1
erlang-dialyzer-R14B03-1.mga1
erlang-diameter-R14B03-1.mga1
erlang-docbuilder-R14B03-1.mga1
erlang-edoc-R14B03-1.mga1
erlang-emacs-R14B03-1.mga1
erlang-erl_docgen-R14B03-1.mga1
erlang-erl_interface-R14B03-1.mga1
erlang-et-R14B03-1.mga1
erlang-eunit-R14B03-1.mga1
erlang-gs-R14B03-1.mga1
erlang-hipe-R14B03-1.mga1
erlang-ic-R14B03-1.mga1
erlang-inets-R14B03-1.mga1
erlang-inviso-R14B03-1.mga1
erlang-jinterface-R14B03-1.mga1
erlang-manpages-R14B03-1.mga1
erlang-megaco-R14B03-1.mga1
erlang-mnesia-R14B03-1.mga1
erlang-observer-R14B03-1.mga1
erlang-odbc-R14B03-1.mga1
erlang-orber-R14B03-1.mga1
erlang-os_mon-R14B03-1.mga1
erlang-otp_mibs-R14B03-1.mga1
erlang-parsetools-R14B03-1.mga1
erlang-percept-R14B03-1.mga1
erlang-pman-R14B03-1.mga1
erlang-public_key-R14B03-1.mga1
erlang-reltool-R14B03-1.mga1
erlang-runtime_tools-R14B03-1.mga1
erlang-snmp-R14B03-1.mga1
erlang-ssh-R14B03-1.mga1
erlang-ssl-R14B03-1.mga1
erlang-stack-R14B03-1.mga1
erlang-syntax_tools-R14B03-1.mga1
erlang-test_server-R14B03-1.mga1
erlang-toolbar-R14B03-1.mga1
erlang-tools-R14B03-1.mga1
erlang-tv-R14B03-1.mga1
erlang-typer-R14B03-1.mga1
erlang-webtool-R14B03-1.mga1
erlang-wx-R14B03-1.mga1
erlang-xmerl-R14B03-1.mga1


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0766
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063218.html
https://bugs.mageia.org/show_bug.cgi?id=7062

Retrieved from "https://wiki.mageia.org/mw-en/index.php?title=Support/Advisories/MGASA-2012-0338&oldid=12734"