Candidate: CVE-2014-0016
PublicDate: 2014-03-24 16:31:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0016
 http://www.openwall.com/lists/oss-security/2014/03/05/1
Description:
 stunnel before 5.00, when using fork threading, does not properly update
 the state of the OpenSSL pseudo-random number generator (PRNG), which
 causes subsequent children with the same process ID to use the same
 entropy pool and allows remote attackers to obtain private keys for EC
 (ECDSA) or DSA certificates.
Ubuntu-Description:
Notes:
 ebarretto> Not affected since deb package compiled with
 ebarretto> --with-threads=pthread
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1072180
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_stunnel4:
upstream_stunnel4: released (3:5.01-1)
lucid_stunnel4: ignored (reached end-of-life)
precise_stunnel4: ignored (reached end-of-life)
precise/esm_stunnel4: DNE (precise was needs-triage)
quantal_stunnel4: ignored (reached end-of-life)
saucy_stunnel4: ignored (reached end-of-life)
trusty_stunnel4: not-affected
trusty/esm_stunnel4: not-affected
utopic_stunnel4: released (3:5.02-1)
vivid_stunnel4: released (3:5.02-1)
vivid/stable-phone-overlay_stunnel4: DNE
vivid/ubuntu-core_stunnel4: DNE
wily_stunnel4: released (3:5.02-1)
xenial_stunnel4: released (3:5.02-1)
yakkety_stunnel4: released (3:5.02-1)
zesty_stunnel4: released (3:5.02-1)
artful_stunnel4: released (3:5.02-1)
bionic_stunnel4: released (3:5.02-1)
devel_stunnel4: released (3:5.02-1)