APPLIED: [CVE-2011-3188] move from partial md4 to full md5 for sequence randomisation
Tim Gardner
tim.gardner at canonical.com
Tue Sep 20 12:57:19 UTC 2011
On 09/20/2011 04:36 AM, Andy Whitcroft wrote:
> CVE-2011-3188
> Dan Kaminsky pointed out that using partial MD4 and using that
> to generate a sequence number, of which only 24-bits are truly
> unguessable, seriously undermine the goals of random sequence
> number generation.
>
> The fix for this has hit oneiric and lucid via stable. Following this
> email are four patch sets for hardy, lucid/fsl-imx51, maverick and
> maverick/ti-omap4, and natty and natty/ti-omap4.
>
> The patch sets are substantially similar but kept separate to simplify
> merging the appropriate patches to the correct branch. For all releases
> there are minor variations but mostly related to the context not the
> payload of the patches. Of paricular note, the maverick and natty patch
> sets differ only in Makefile context in patch 1/2. It should also be
> noted that the interfaces being replaced are identicle for all releases
> and the replacement code is also identicle and in use in onieiric
> kernels and later.
>
> Proposing for hardy, lucid/fsl-imx51, maverick, maverick/ti-omap4, natty,
> and natty/ti-omap4.
>
> -apw
>
I followed this patch series with some interest when it was originally
introduced.
rtg
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list