Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 503504 (CVE-2014-0017) - <net-libs/libssh-0.6.3 : Improper initialization of PRNG after fork() (CVE-2014-0017)
Summary: <net-libs/libssh-0.6.3 : Improper initialization of PRNG after fork() (CVE-20...
Alias: CVE-2014-0017
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [glsa]
Depends on: 488696
  Show dependency tree
Reported: 2014-03-05 11:44 UTC by Agostino Sarubbo
Modified: 2014-08-10 17:18 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-03-05 11:44:17 UTC
From ${URL} :

A flaw was found in libssh server.  When accepting a new connection, the server forks and the child 
process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, 
but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. 
The most important consequence is that servers using EC (ECDSA) or DSA certificates may under certain 
conditions leak their private key.

Public via:

This issue is addressed in upstream release of libssh-0.6.3:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Lars Wendler (Polynomial-C) gentoo-dev 2014-03-05 12:54:37 UTC
+*libssh-0.6.3 (05 Mar 2014)
+  05 Mar 2014; Lars Wendler <> -libssh-0.6.0.ebuild,
+  +libssh-0.6.3.ebuild:
+  Security bump (bug #503504). Removed old.

I've asked upstream and they said libssh-0.5.x is affected as well.

We still haven't all arches catching up with libssh-0.5.x (see bug #488696):

  KEYWORDS.dropped              2
   net-libs/libssh/libssh-0.6.3.ebuild: ppc ppc64 s390 sparc x86-fbsd
Comment 2 Agostino Sarubbo gentoo-dev 2014-03-05 13:39:01 UTC
Arches, please test and stabilise:
Target KEYWORDS="amd64 ppc ppc64 x86".
Comment 3 Agostino Sarubbo gentoo-dev 2014-03-09 09:52:14 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2014-03-09 09:53:15 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2014-03-16 11:15:04 UTC
ppc stable
Comment 6 Agostino Sarubbo gentoo-dev 2014-03-16 11:15:14 UTC
ppc64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 7 Johannes Huber gentoo-dev 2014-03-16 11:22:50 UTC
(In reply to Agostino Sarubbo from comment #6)
> ppc64 stable.
> Maintainer(s), please cleanup.
> Security, please vote.

Sparc keywording is missing to cleanup...
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2014-05-15 04:29:17 UTC
Maintainers, can ~sparc be keyworded so we can drop vulnerable versions:

0.5.5 & 0.6.1
Comment 9 Yury German Gentoo Infrastructure gentoo-dev 2014-06-10 00:54:54 UTC
(In reply to Yury German from comment #8)
> Maintainers, can ~sparc be keyworded so we can drop vulnerable versions:
> 0.5.5 & 0.6.1

Ping! We still need to do this, if we are to close this bug (and security hole). Thank you!
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2014-07-06 22:49:37 UTC
CVE-2014-0017 (
  The RAND_bytes function in libssh before 0.6.3, when forking is enabled,
  does not properly reset the state of the OpenSSL pseudo-random number
  generator (PRNG), which causes the state to be shared between children
  processes and allows local users to obtain sensitive information by
  leveraging a pid collision.
Comment 11 Jeroen Roovers (RETIRED) gentoo-dev 2014-07-07 23:42:18 UTC
  07 Jul 2014; Jeroen Roovers <> -libssh-0.5.5.ebuild,
  -libssh-0.6.1.ebuild, -files/libssh-0.5.0-no-pdf-doc.patch,
Comment 12 Yury German Gentoo Infrastructure gentoo-dev 2014-07-10 04:28:31 UTC
Maintainer(s), Thank you for cleanup!

GLSA Vote: Yes
Comment 13 Tobias Heinlein (RETIRED) gentoo-dev 2014-08-04 19:26:05 UTC
YES too, request filed.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2014-08-10 17:18:18 UTC
This issue was resolved and addressed in
 GLSA 201408-03 at
by GLSA coordinator Mikle Kolyada (Zlogene).