CVE-2015-0285

Priority
Description
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a
does not ensure that the PRNG is seeded before proceeding with a handshake,
which makes it easier for remote attackers to defeat cryptographic
protection mechanisms by sniffing the network and then conducting a
brute-force attack.
Notes
mdeslaur1.0.2 only
Package
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):not-affected
Package
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected)
More Information

Updated: 2020-01-29 19:51:08 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)