Fork Protection
Description
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). It was intended to include protection in the event of a fork() system call, so that the parent and child processes would not share the same RNG state. However, this protection was not enabled in the default case. A partial mitigation is that the output of a high-precision timer is mixed into the RNG state, so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly with OPENSSL_INIT_ATFORK, the problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).
Affected products
OSV coordinates (8 package versions):
- pkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Tumbleweed
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
Affected version ranges (no CPE assigned):
- < 1.1.1l-1.2 (1 package)
- < 1.1.1d-2.20.1 (7 packages)
- Upstream: Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/ (MITRE, vendor advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/ (MITRE, vendor advisory, x_refsource_FEDORA)
- usn.ubuntu.com/4376-1/ (MITRE, vendor advisory, x_refsource_UBUNTU)
- www.debian.org/security/2019/dsa-4539 (MITRE, vendor advisory, x_refsource_DEBIAN)
- git.openssl.org/gitweb/ (MITRE, x_refsource_CONFIRM)
- seclists.org/bugtraq/2019/Oct/1 (MITRE, mailing list, x_refsource_BUGTRAQ)
- security.netapp.com/advisory/ntap-20190919-0002/ (MITRE, x_refsource_CONFIRM)
- support.f5.com/csp/article/K44070243 (MITRE, x_refsource_CONFIRM)
- www.openssl.org/news/secadv/20190910.txt (MITRE, x_refsource_CONFIRM)
- www.oracle.com/security-alerts/cpuapr2020.html (MITRE, x_refsource_MISC)
- www.oracle.com/security-alerts/cpujan2020.html (MITRE, x_refsource_MISC)
- www.oracle.com/security-alerts/cpujul2020.html (MITRE, x_refsource_MISC)
- www.oracle.com/security-alerts/cpuoct2020.html (MITRE, x_refsource_MISC)
- www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html (MITRE, x_refsource_MISC)
News mentions
No linked articles in our index yet.