APPLIED: [CVE-2011-3188] move from partial md4 to full md5 for sequence randomisation

Tim Gardner tim.gardner at
Tue Sep 20 12:57:19 UTC 2011

On 09/20/2011 04:36 AM, Andy Whitcroft wrote:
> CVE-2011-3188
> 	Dan Kaminsky pointed out that using partial MD4 and using that
> 	to generate a sequence number, of which only 24-bits are truly
> 	unguessable, seriously undermine the goals of random sequence
> 	number generation.
> The fix for this has hit oneiric and lucid via stable.  Following this
> email are four patch sets for hardy, lucid/fsl-imx51, maverick and
> maverick/ti-omap4, and natty and natty/ti-omap4.
> The patch sets are substantially similar but kept separate to simplify
> merging the appropriate patches to the correct branch.  For all releases
> there are minor variations but mostly related to the context not the
> payload of the patches.  Of paricular note, the maverick and natty patch
> sets differ only in Makefile context in patch 1/2.  It should also be
> noted that the interfaces being replaced are identicle for all releases
> and the replacement code is also identicle and in use in onieiric
> kernels and later.
> Proposing for hardy, lucid/fsl-imx51, maverick, maverick/ti-omap4, natty,
> and natty/ti-omap4.
> -apw

I followed this patch series with some interest when it was originally 

Tim Gardner tim.gardner at

More information about the kernel-team mailing list