Nutzer von 11-CURRENT sollten so schnell es geht eine aktuelle Version bauen und alle Crypto-Keys neu generieren:
-STABLE und -RELEASEs sind davon nicht betroffen.
Code:
If you are running a current kernel r273872 or later, please upgrade
your kernel to r278907 or later immediately and regenerate keys.
I discovered an issue where the new framework code was not calling
randomdev_init_reader, which means that read_random(9) was not returning
good random data. read_random(9) is used by arc4random(9) which is
the primary method that arc4random(3) is seeded from.
This means most/all keys generated may be predictable and must be
regenerated. This includes, but not limited to, ssh keys and keys
generated by openssl. This is purely a kernel issue, and a simple
kernel upgrade w/ the patch is sufficient to fix the issue.
-STABLE und -RELEASEs sind davon nicht betroffen.