LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Mageia alert MGASA-2012-0338 (erlang)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2012-0338: erlang-R14B03-1.mga1 (1/core) 


Date:
    	      Fri, 23 Nov 2012 21:27:05 +0100


Message-ID:
    	      <20121123202705.GA25714@valstar.mageia.org>


Archive-link:
    	      Article, Thread
              


MGASA-2012-0338
Date: 	November 23rd, 2012
Affected releases: 	1


Description:
Updated erlang packages fixes security vulnerability:

The random number generator in the Crypto application before 2.0.2.2,
and SSH before 2.0.5, as used in the Erlang/OTP ssh library before
R14B03, uses predictable seeds based on the current time, which makes
it easier for remote attackers to guess DSA host and SSH session keys
(CVE-2011-0766).


Updated Packages:
erlang-appmon-R14B03-1.mga1
erlang-asn1-R14B03-1.mga1
erlang-base-R14B03-1.mga1
erlang-common_test-R14B03-1.mga1
erlang-compiler-R14B03-1.mga1
erlang-cosEventDomain-R14B03-1.mga1
erlang-cosEvent-R14B03-1.mga1
erlang-cosFileTransfer-R14B03-1.mga1
erlang-cosNotification-R14B03-1.mga1
erlang-cosProperty-R14B03-1.mga1
erlang-cosTime-R14B03-1.mga1
erlang-cosTransactions-R14B03-1.mga1
erlang-crypto-R14B03-1.mga1
erlang-debugger-R14B03-1.mga1
erlang-devel-R14B03-1.mga1
erlang-dialyzer-R14B03-1.mga1
erlang-diameter-R14B03-1.mga1
erlang-docbuilder-R14B03-1.mga1
erlang-edoc-R14B03-1.mga1
erlang-emacs-R14B03-1.mga1
erlang-erl_docgen-R14B03-1.mga1
erlang-erl_interface-R14B03-1.mga1
erlang-et-R14B03-1.mga1
erlang-eunit-R14B03-1.mga1
erlang-gs-R14B03-1.mga1
erlang-hipe-R14B03-1.mga1
erlang-ic-R14B03-1.mga1
erlang-inets-R14B03-1.mga1
erlang-inviso-R14B03-1.mga1
erlang-jinterface-R14B03-1.mga1
erlang-manpages-R14B03-1.mga1
erlang-megaco-R14B03-1.mga1
erlang-mnesia-R14B03-1.mga1
erlang-observer-R14B03-1.mga1
erlang-odbc-R14B03-1.mga1
erlang-orber-R14B03-1.mga1
erlang-os_mon-R14B03-1.mga1
erlang-otp_mibs-R14B03-1.mga1
erlang-parsetools-R14B03-1.mga1
erlang-percept-R14B03-1.mga1
erlang-pman-R14B03-1.mga1
erlang-public_key-R14B03-1.mga1
erlang-reltool-R14B03-1.mga1
erlang-runtime_tools-R14B03-1.mga1
erlang-snmp-R14B03-1.mga1
erlang-ssh-R14B03-1.mga1
erlang-ssl-R14B03-1.mga1
erlang-stack-R14B03-1.mga1
erlang-syntax_tools-R14B03-1.mga1
erlang-test_server-R14B03-1.mga1
erlang-toolbar-R14B03-1.mga1
erlang-tools-R14B03-1.mga1
erlang-tv-R14B03-1.mga1
erlang-typer-R14B03-1.mga1
erlang-webtool-R14B03-1.mga1
erlang-wx-R14B03-1.mga1
erlang-xmerl-R14B03-1.mga1


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0766
http://lists.fedoraproject.org/pipermail/package-announce...
https://bugs.mageia.org/show_bug.cgi?id=7062
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds