Candidate: CVE-2013-2213
PublicDate: 2020-02-11 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2213
 http://openwall.com/lists/oss-security/2013/06/26/1
 http://openwall.com/lists/oss-security/2013/06/26/2
Description:
 The KRandom::random function in KDE Paste Applet after 4.10.5 in
 kdeplasma-addons uses the GNU C Library rand function's linear
 congruential generator, which makes it easier for context-dependent
 attackers to defeat cryptographic protection mechanisms by predicting the
 generator output.
Ubuntu-Description:
Notes:
 seth-arnold> This CVE is for an incomplete fix for CVE-2013-2120, which
  means that it only really applies to packages where the upstream fix for
  CVE-2013-2120 was used. I believe that is only raring-proposed as of
  2013-06-26, but I'm marking this needed for all releases, to ensure the
  incorrect fix is not used alone.
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=978243
Priority: low
Discovered-by: Michael Samuel
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N [5.5 MEDIUM]

Patches_kdeplasma-addons:
upstream_kdeplasma-addons: released (4.10.80)
lucid_kdeplasma-addons: ignored (reached end-of-life)
precise_kdeplasma-addons: ignored (reached end-of-life)
precise/esm_kdeplasma-addons: DNE (precise was needed)
quantal_kdeplasma-addons: ignored (reached end-of-life)
raring_kdeplasma-addons: ignored (reached end-of-life)
saucy_kdeplasma-addons: ignored (reached end-of-life)
trusty_kdeplasma-addons: not-affected (4:4.13.3-0ubuntu0.1)
trusty/esm_kdeplasma-addons: not-affected (4:4.13.3-0ubuntu0.1)
utopic_kdeplasma-addons: ignored (reached end-of-life)
vivid_kdeplasma-addons: ignored (reached end-of-life)
vivid/stable-phone-overlay_kdeplasma-addons: DNE
vivid/ubuntu-core_kdeplasma-addons: DNE
wily_kdeplasma-addons: ignored (reached end-of-life)
xenial_kdeplasma-addons: not-affected (4:5.5.5-0ubuntu1)
yakkety_kdeplasma-addons: ignored (reached end-of-life)
zesty_kdeplasma-addons: not-affected (4:5.9.5-0ubuntu0.1)
devel_kdeplasma-addons: not-affected (4:5.10.5-0ubuntu1)