[CVE-2011-3188] move from partial md4 to full md5 for sequence randomisation

Andy Whitcroft apw at canonical.com
Tue Sep 20 10:36:31 UTC 2011


CVE-2011-3188
	Dan Kaminsky pointed out that using partial MD4 and using that
	to generate a sequence number, of which only 24-bits are truly
	unguessable, seriously undermines the goals of random sequence
	number generation.

The fix for this has hit oneiric and lucid via stable.  Following this
email are four patch sets for hardy, lucid/fsl-imx51, maverick and
maverick/ti-omap4, and natty and natty/ti-omap4.

The patch sets are substantially similar but kept separate to simplify
merging the appropriate patches to the correct branch.  For all releases
there are minor variations but mostly related to the context not the
payload of the patches.  Of particular note, the maverick and natty patch
sets differ only in Makefile context in patch 1/2.  It should also be
noted that the interfaces being replaced are identical for all releases
and the replacement code is also identical and in use in oneiric
kernels and later.

Proposing for hardy, lucid/fsl-imx51, maverick, maverick/ti-omap4, natty,
and natty/ti-omap4.

-apw



