Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-36157

PRNG not cryptographically strong on GCC before 5.5

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Won't Fix
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • ALL

      Upgrading GCC to version 5.5 fixes a security flaw with PRNG.

      CVSS 2.1

      https://www.cvedetails.com/cve/CVE-2017-11671/

      "Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. "

            Assignee:
            backlog-server-devtools DO NOT USE - Backlog - Dev Tools
            Reporter:
            davi.ottenheimer Davi Ottenheimer
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: