Bug ID 1206731
Summary VUL-0: CVE-2021-4238: rio, terraform, traefik1.7, terraform-provider-openstack: Masterminds/goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.4
Hardware Other
URL https://smash.suse.de/issue/351979/
OS Other
Status NEW
Severity Minor
Priority P5 - None
Component Security
Assignee dmaiocchi@suse.com
Reporter thomas.leroy@suse.com
QA Contact security-team@suse.de
CC alexandre.vicenzi@suse.com, opensuse_buildservice@ojkastl.de, thomasbechtold@jpberlin.de
Found By Security Response Team
Blocker --- 

rh#2156729

Randomly-generated alphanumeric strings contain significantly less entropy than
expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always
return strings containing at least one digit from 0 to 9. This significantly
reduces the amount of entropy in short strings generated by these functions.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2156729
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4238
https://www.cve.org/CVERecord?id=CVE-2021-4238
https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
https://pkg.go.dev/vuln/GO-2022-0411

You are receiving this mail because: