Описание
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | not-affected | 0~20191122.bd85bf54-2 |
| disco | not-affected | code not present |
| eoan | ignored | end of life |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | not-affected | 0~20191122.bd85bf54-2 |
| focal | not-affected | 0~20191122.bd85bf54-2 |
| groovy | not-affected | 0~20191122.bd85bf54-2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | uses system openssl1.0 |
| devel | not-affected | uses system openssl1.1 |
| disco | not-affected | uses system openssl1.1 |
| eoan | not-affected | uses system openssl1.1 |
| esm-apps/bionic | not-affected | uses system openssl1.0 |
| esm-apps/focal | not-affected | uses system openssl1.1 |
| esm-apps/xenial | not-affected | uses system openssl |
| esm-infra-legacy/trusty | not-affected | uses system openssl |
| focal | not-affected | uses system openssl1.1 |
| groovy | not-affected | uses system openssl1.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.1.1-1ubuntu2.1~18.04.6 |
| devel | released | 1.1.1d-2ubuntu1 |
| disco | ignored | end of life |
| eoan | released | 1.1.1c-1ubuntu4.1 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | released | 1.1.1-1ubuntu2.1~18.04.6 |
| esm-infra/focal | released | 1.1.1d-2ubuntu1 |
| esm-infra/xenial | not-affected | code not present |
| focal | released | 1.1.1d-2ubuntu1 |
| groovy | released | 1.1.1d-2ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE |
Показывать по
EPSS
5 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). Th ...
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).
Уязвимость функции fork() библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
5 Medium
CVSS2
5.3 Medium
CVSS3