[3.1] gcc: Predictable randomness from std::random_device (CVE-2015-5276)
The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
The issue is fixed in 4.9.4 and 5.3.
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5276
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142
Upstream commit:
https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=227687
https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=227872
(from redmine: issue id 5460, created on 2016-04-20, closed on 2016-06-14)
- Relations:
- parent #5458 (closed)
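
An added example, not libstdc++ code and not part of the original report, of the flaw class described above: when a read that returns fewer bytes than requested goes unnoticed, part of the result keeps its previous, guessable value. `Reader`, `draw_unchecked`, `draw_checked` and `chunked_source` are hypothetical names, and the sample bytes are constructed.

```cpp
#include <sys/types.h>
#include <algorithm>
#include <cerrno>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <functional>
#include <stdexcept>
#include <vector>

// Same contract as read(2): bytes delivered, 0 at EOF, -1 with errno set.
using Reader = std::function<ssize_t(void*, std::size_t)>;

// Flawed pattern: one read, result ignored; a short read leaves stale bytes.
std::uint32_t draw_unchecked(const Reader& rd) {
    std::uint32_t v = 0;  // stale contents fixed to 0 so the run is deterministic
    rd(&v, sizeof v);
    return v;
}

// Hardened pattern: loop until every byte arrives, retry on EINTR, and throw
// on EOF or any other error rather than return a partial value.
std::uint32_t draw_checked(const Reader& rd) {
    std::uint32_t v = 0;
    auto* p = reinterpret_cast<unsigned char*>(&v);
    for (std::size_t left = sizeof v; left > 0;) {
        ssize_t n = rd(p, left);
        if (n > 0) { p += n; left -= static_cast<std::size_t>(n); }
        else if (n == 0 || errno != EINTR) throw std::runtime_error("short read");
    }
    return v;
}

// Constructed source: at most `chunk` bytes per call, like a blocking device.
Reader chunked_source(std::vector<unsigned char> data, std::size_t chunk) {
    std::size_t pos = 0;
    return [data, chunk, pos](void* buf, std::size_t want) mutable -> ssize_t {
        std::size_t n = std::min({want, chunk, data.size() - pos});
        std::memcpy(buf, data.data() + pos, n);
        pos += n;
        return static_cast<ssize_t>(n);
    };
}

int main() {
    const std::vector<unsigned char> b{0xde, 0xad, 0xbe, 0xef};  // constructed
    std::printf("unchecked=%08x ", draw_unchecked(chunked_source(b, 2)));
    std::printf("checked=%08x\n", draw_checked(chunked_source(b, 2)));
}
```

With the source delivering two bytes per call, the unchecked draw returns a value whose remaining two bytes are still zero, while the checked draw assembles all four bytes or throws if the source ends early.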