{"containers":{"cna":{"affected":[{"product":"OpenSSL","vendor":"OpenSSL","versions":[{"status":"affected","version":"Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)"}]}],"credits":[{"lang":"en","value":"Matt Caswell"}],"datePublic":"2019-09-10T00:00:00.000Z","descriptions":[{"lang":"en","value":"OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)."}],"metrics":[{"other":{"content":{"lang":"eng","url":"https://www.openssl.org/policies/secpolicy.html#Low","value":"Low"},"type":"unknown"}}],"problemTypes":[{"descriptions":[{"description":"Random Number Generation","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-10-20T21:14:59.000Z","orgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","shortName":"openssl"},"references":[{"name":"FEDORA-2019-d15aac6c4e","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/"},{"name":"FEDORA-2019-d51641f152","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/"},{"name":"20191001 [SECURITY] [DSA 4539-1] openssl security update","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"https://seclists.org/bugtraq/2019/Oct/1"},{"name":"DSA-4539","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"https://www.debian.org/security/2019/dsa-4539"},{"name":"USN-4376-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"https://usn.ubuntu.com/4376-1/"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.openssl.org/news/secadv/20190910.txt"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20190919-0002/"},{"tags":["x_refsource_CONFIRM"],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.f5.com/csp/article/K44070243"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.f5.com/csp/article/K44070243?utm_source=f5support&amp%3Butm_medium=RSS"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"}],"title":"Fork Protection","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"openssl-security@openssl.org","DATE_PUBLIC":"2019-09-10","ID":"CVE-2019-1549","STATE":"PUBLIC","TITLE":"Fork Protection"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"OpenSSL","version":{"version_data":[{"version_value":"Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)"}]}}]},"vendor_name":"OpenSSL"}]}},"credit":[{"lang":"eng","value":"Matt Caswell"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)."}]},"impact":[{"lang":"eng","url":"https://www.openssl.org/policies/secpolicy.html#Low","value":"Low"}],"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Random Number Generation"}]}]},"references":{"reference_data":[{"name":"FEDORA-2019-d15aac6c4e","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/"},{"name":"FEDORA-2019-d51641f152","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/"},{"name":"20191001 [SECURITY] [DSA 4539-1] openssl security update","refsource":"BUGTRAQ","url":"https://seclists.org/bugtraq/2019/Oct/1"},{"name":"DSA-4539","refsource":"DEBIAN","url":"https://www.debian.org/security/2019/dsa-4539"},{"name":"USN-4376-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/4376-1/"},{"name":"https://www.oracle.com/security-alerts/cpuapr2020.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"name":"https://www.oracle.com/security-alerts/cpujul2020.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","refsource":"MISC","url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"name":"https://www.oracle.com/security-alerts/cpujan2020.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"name":"https://www.openssl.org/news/secadv/20190910.txt","refsource":"CONFIRM","url":"https://www.openssl.org/news/secadv/20190910.txt"},{"name":"https://security.netapp.com/advisory/ntap-20190919-0002/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20190919-0002/"},{"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be","refsource":"CONFIRM","url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be"},{"name":"https://support.f5.com/csp/article/K44070243","refsource":"CONFIRM","url":"https://support.f5.com/csp/article/K44070243"},{"name":"https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS","refsource":"CONFIRM","url":"https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS"},{"name":"https://www.oracle.com/security-alerts/cpuoct2020.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T18:20:27.666Z"},"title":"CVE Program Container","references":[{"name":"FEDORA-2019-d15aac6c4e","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/"},{"name":"FEDORA-2019-d51641f152","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/"},{"name":"20191001 [SECURITY] [DSA 4539-1] openssl security update","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"https://seclists.org/bugtraq/2019/Oct/1"},{"name":"DSA-4539","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"https://www.debian.org/security/2019/dsa-4539"},{"name":"USN-4376-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"https://usn.ubuntu.com/4376-1/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.openssl.org/news/secadv/20190910.txt"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20190919-0002/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.f5.com/csp/article/K44070243"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.f5.com/csp/article/K44070243?utm_source=f5support&amp%3Butm_medium=RSS"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"}]}]},"cveMetadata":{"assignerOrgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","assignerShortName":"openssl","cveId":"CVE-2019-1549","datePublished":"2019-09-10T16:58:35.361Z","dateReserved":"2018-11-28T00:00:00.000Z","dateUpdated":"2024-09-16T22:56:57.501Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}