http://bugzilla.opensuse.org/show_bug.cgi?id=1206731 Bug ID: 1206731 Summary: VUL-0: CVE-2021-4238: rio, terraform, traefik1.7, terraform-provider-openstack: Masterminds/goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other URL: https://smash.suse.de/issue/351979/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: dmaiocchi@suse.com Reporter: thomas.leroy@suse.com QA Contact: security-team@suse.de CC: alexandre.vicenzi@suse.com, opensuse_buildservice@ojkastl.de, thomasbechtold@jpberlin.de Found By: Security Response Team Blocker: --- rh#2156729 Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions. References: https://bugzilla.redhat.com/show_bug.cgi?id=2156729 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4238 https://www.cve.org/CVERecord?id=CVE-2021-4238 https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8... https://pkg.go.dev/vuln/GO-2022-0411 -- You are receiving this mail because: You are on the CC list for the bug.