From owner-freebsd-security Fri Oct 6 16:19:48 2000
Date: Fri, 6 Oct 2000 16:19:44 -0700
From: Alfred Perlstein
To: security@freebsd.org
Cc: stable@freebsd.org
Subject: 2.2.x FreeBSD-SA-00:52 patch adjusted
Message-ID: <20001006161944.C272@fw.wintelcom.net>

Because of serious breakage in the arc4random code in FreeBSD-current
(3 months and counting), my initial patch to 2.2.x was flawed because
the arc4random code would never re-seed itself properly. This problem
could possibly lead to easier-to-predict sequences.

I've just added another patch that should alleviate the problem. Just
for reference, make sure src/sys/libkern/arc4random.c has this ID tag:

$FreeBSD: /c/ncvs/src/sys/libkern/arc4random.c,v 1.6.4.2 2000/10/06 22:49:54 alfred Exp $

That would be arc4random.c MFC'd from -stable (FreeBSD 4), where it
should be working properly.

Thanks to Kris Kennaway (kris@freebsd.org) for pointing out this error
and suggesting the fix.

My apologies to those who already cvsup'd and rebooted their 2.2.x
boxes.

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
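Added example, not part of the original message or of FreeBSD's own tooling: a shell check for the ID tag the message asks readers to confirm in src/sys/libkern/arc4random.c. The function names and the /usr/src checkout path are assumptions; the comparison relies only on RCS numbering, where 1.6.4.N are successive revisions on one branch.

```shell
#!/bin/sh
# Added example (not from the original message): confirm that a checked-out
# arc4random.c carries at least the revision named in the message.
REQUIRED_REV="1.6.4.2"   # revision quoted in the message's ID tag

# Print the revision field of the first $FreeBSD: ... $ ident tag in file $1.
ident_rev() {
    sed -n 's/.*\$FreeBSD: [^ ]*,v \([0-9][0-9.]*\) .*\$.*/\1/p' "$1" | head -n 1
}

# Succeed only if revision $1 is on the same RCS branch as $2 (all components
# but the last are equal) and its last component is not lower. A revision on
# another branch, e.g. 1.7, is not comparable and is rejected.
rev_at_least() {
    have=$1
    want=$2
    [ "${have%.*}" = "${want%.*}" ] || return 1
    [ "${have##*.}" -ge "${want##*.}" ] 2>/dev/null
}

# Report whether file $1 is at the required revision; exit status 0 if so.
check_arc4random() {
    rev=$(ident_rev "$1")
    if rev_at_least "$rev" "$REQUIRED_REV"; then
        echo "OK: $1 is at revision $rev"
    else
        echo "STALE: $1 is at revision ${rev:-unknown}, need $REQUIRED_REV or later"
        return 1
    fi
}

# Usage: sh check_ident.sh /usr/src/sys/libkern/arc4random.c
# (the /usr/src prefix is an assumption about where the tree is checked out)
if [ "$#" -gt 0 ]; then
    check_arc4random "$1"
fi
```

The tag describes the source tree only; a kernel built before the update still runs the old code until it is rebuilt and the machine rebooted.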