[CVE-2011-3188] move from partial md4 to full md5 for sequence randomisation

Andy Whitcroft apw at canonical.com
Tue Sep 20 10:36:31 UTC 2011

	Dan Kaminsky pointed out that using partial MD4 and using that
	to generate a sequence number, of which only 24-bits are truly
	unguessable, seriously undermine the goals of random sequence
	number generation.

The fix for this has hit oneiric and lucid via stable.  Following this
email are four patch sets for hardy, lucid/fsl-imx51, maverick and
maverick/ti-omap4, and natty and natty/ti-omap4.

The patch sets are substantially similar but kept separate to simplify
merging the appropriate patches to the correct branch.  For all releases
there are minor variations but mostly related to the context not the
payload of the patches.  Of paricular note, the maverick and natty patch
sets differ only in Makefile context in patch 1/2.  It should also be
noted that the interfaces being replaced are identicle for all releases
and the replacement code is also identicle and in use in onieiric
kernels and later.

Proposing for hardy, lucid/fsl-imx51, maverick, maverick/ti-omap4, natty,
and natty/ti-omap4.


More information about the kernel-team mailing list