oss-sec mailing list archives
CVE request: weak PRNG in GNU Classpath
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 06 Dec 2008 11:11:31 +0100
<http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417> The random number generator in the gnu.java.security.util.PRNG class of GNU Classpath version 0.97.2 and earlier produces only a limited number of distinct byte streams, which may lead to guessable cryptographic key material and similar vulnerabilities.
Current thread:
- CVE request: weak PRNG in GNU Classpath Florian Weimer (Dec 06)