Advisories » MGASA-2024-0304

Updated tgt packages fix security vulnerability

Publication date: 16 Sep 2024
Modification date: 16 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45751

Description

tgt (aka Linux target framework) before 1.0.93 attempts to achieve
entropy by calling rand without srand. The PRNG seed is always 1, and
thus the sequence of challenges is always identical. (CVE-2024-45751)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33545
• https://www.openwall.com/lists/oss-security/2024/09/07/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45751

SRPMS

9/core

• tgt-1.0.85-1.1.mga9