7 matches found
SUSE CVE-2014-0016
stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator PRNG, which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC ECDSA or DSA...
Mageia: Security Advisory (MGASA-2014-0144)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Advisory ROSA-SA-2021-1978
Software: stunnel 4.56 OS: Cobalt 7.9 CVE-ID: CVE-2014-0016 CVE-Crit: MEDIUM CVE-DESC: stunnel before 5.00 when using fork streaming does not properly update the OpenSSL pseudo-random number generator PRNG state, which causes subsequent children with the same process ID to use the same entropy po...
Gentoo Security Advisory GLSA 201408-14
Gentoo Linux Local Security Checks GLSA 201408-14 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
KLA10342 OSI vulnerability in Stunnel
Improper work with OpenSSL was found in Stunnel. By exploiting this vulnerability malicious users can obtain private keys or certificates. This vulnerability can be exploited remotely at a point related to children’s processes. Original advisories Stunnel Changelog Related products Stunnel CVE li...
Fedora Update for stunnel FEDORA-2014-5321
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2014-0016
CVE-2014-0016 affects stunnel prior to 5.00 where PRNG state is not properly updated after fork-threading. This can cause subsequent child processes (sharing the same PID) to reuse the same entropy pool, enabling attackers to potentially obtain private keys for EC (ECDSA) or DSA certificates when...