Lucene search
Gentoo FoundationMGASA-2014-0535HistoryDec 19, 2014 - 6:06 p.m.
Updated pwgen package fixes security vulnerabilities
2014-12-1918:06:35
Gentoo Foundation
advisories.mageia.org
7
0.005 Low
EPSS
Percentile
75.4%
Updated pwgen package fixes security vulnerabilities: Pwgen was found to generate weak non-tty passwords by default, which could be brute-forced with a commendable success rate, which could raise security concerns (CVE-2013-4440). Pwgen was found to silently falling back to use standard pseudo generated numbers on the systems that heavily use entropy. Systems, such as those with a lot of daemons providing encryption services, the entropy was found to be exhausted, which forces pwgen to fall back to use standard pseudo generated numbers (CVE-2013-4442).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 4 | noarch | pwgen | < 2.07-1 | pwgen-2.07-1.mga4 |
Related
openvas
openvas
Fedora Update for pwgen FEDORA-2014-16473
2014-12-17 00:00:00
Fedora Update for pwgen FEDORA-2014-16406
2015-01-05 00:00:00
Fedora Update for pwgen FEDORA-2014-16368
2014-12-14 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: pwgen-2.07-1.fc19
2014-12-17 04:42:10
[SECURITY] Fedora 20 Update: pwgen-2.07-1.fc20
2014-12-13 09:36:12
[SECURITY] Fedora 21 Update: pwgen-2.07-1.fc21
2014-12-15 04:34:22
securityvulns
securityvulns
pwgen weak passwords generation
2015-01-13 00:00:00
[ MDVSA-2015:008 ] pwgen
2015-01-13 00:00:00
nessus
nessus
Fedora 20 : pwgen-2.07-1.fc20 (2014-16368)
2014-12-15 00:00:00
Fedora 21 : pwgen-2.07-1.fc21 (2014-16406)
2014-12-15 00:00:00
Fedora 19 : pwgen-2.07-1.fc19 (2014-16473)
2014-12-17 00:00:00
prion
prion
Design/Logic Flaw
2014-12-19 15:59:00
Default credentials
2014-12-19 15:59:00
debiancve
debiancve
CVE-2013-4440
2014-12-19 15:59:00
CVE-2013-4442
2014-12-19 15:59:00
cve
cve
CVE-2013-4440
2014-12-19 15:59:00
CVE-2013-4442
2014-12-19 15:59:00
cvelist
cvelist
CVE-2013-4442
2014-12-19 15:00:00
CVE-2013-4440
2014-12-19 15:00:00
ubuntucve
ubuntucve
CVE-2013-4442
2014-12-19 00:00:00
CVE-2013-4440
2014-12-19 00:00:00