DescriptionOpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openssl (PTS)stretch (security), stretch1.1.0l-1~deb9u1fixed
buster, buster (security)1.1.1d-0+deb10u3fixed
bullseye, sid1.1.1g-1fixed
openssl1.0 (PTS)stretch (security), stretch1.0.2u-1~deb9u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
opensslsourcejessie(not affected)
opensslsourcestretch(not affected)
openssl1.0source(unstable)(not affected)


[stretch] - openssl <not-affected> (Only affects OpenSSL 1.1.1 to 1.1.1c)
[jessie] - openssl <not-affected> (Only affects OpenSSL 1.1.1 to 1.1.1c)
- openssl1.0 <not-affected> (Only affects OpenSSL 1.1.1 to 1.1.1c);a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be

Search for package or bug name: Reporting problems