Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.security > #6230

Re: c-ares, CVE-2023-31147, CVE-2023-31124

From Anton Gladky <gladk@debian.org>
Newsgroups linux.debian.security
Subject Re: c-ares, CVE-2023-31147, CVE-2023-31124
Date 2023-06-23 22:10 +0200
Message-ID <GJVgt-pc1-3@gated-at.bofh.it> (permalink)
References <GJGU9-gac-1@gated-at.bofh.it> <GJUkp-oDt-11@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

Thank you all for your replies!

@Moritz, could you please create an issue with a
the possible proposal, how it should look like?

Best regards

Anton

Am Fr., 23. Juni 2023 um 20:49 Uhr schrieb Ola Lundqvist <ola@inguza.com>:
>
> Hi Anton, all
>
> Well even if there are some systems affected I must say that if
> someone have removed urandom the behavior described is expected. I
> mean /dev/urandom is there for a reason. And yes there are better
> functions than rand() but I can hardly see this as a vulnerability. Or
> well it is, but it is the kind of vulnerability when you remove the
> device that provide randomness in the system.
>
> I would have marked them as "minor issue".
>
> Cheers
>
> // Ola
>
>
> On Fri, 23 Jun 2023 at 06:49, Anton Gladky <gladk@debian.org> wrote:
> >
> > Hi,
> >
> > two CVEs might be irrelevant for Debian systems. Can they be
> > tagged as "unaffected"? Or we have some systems, where
> > /dev/urandom is not existing?
> >
> > Thanks
> >
> > Anton
> >
>
>
> --
>  --- Inguza Technology AB --- MSc in Information Technology ----
> |  ola@inguza.com                    opal@debian.org            |
> |  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
>  ---------------------------------------------------------------

Back to linux.debian.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

c-ares, CVE-2023-31147, CVE-2023-31124 Anton Gladky <gladk@debian.org> - 2023-06-23 06:50 +0200
  Re: c-ares, CVE-2023-31147, CVE-2023-31124 Moritz Muehlenhoff <jmm@inutil.org> - 2023-06-23 10:30 +0200
  Re: c-ares, CVE-2023-31147, CVE-2023-31124 Ola Lundqvist <ola@inguza.com> - 2023-06-23 21:10 +0200
    Re: c-ares, CVE-2023-31147, CVE-2023-31124 Anton Gladky <gladk@debian.org> - 2023-06-23 22:10 +0200
      Re: c-ares, CVE-2023-31147, CVE-2023-31124 Moritz Mühlenhoff <jmm@inutil.org> - 2023-06-27 20:50 +0200

csiph-web