No problem Venkatesh.
No, I don't know how to generate entropy in Apache because I think Apache
uses the system entropy.
You can check how many are available via: "cat
/proc/sys/kernel/random/entropy_avail".
Under the system I know of two different packages, one *rngd *and the other
*haveged.*
Thanks Dewitt for your inputs.
Will check from system perspective how to generate more entropy and resolve
this issue.
Do you know, how to generate more entropy in system or via apache so that
it can never be deprived of entropy?
With Regards,
Venkatesh
On Thu, Sep 23, 2021 at 8:46 PM Otis
Hmm I see, I not sure why you did not get this right away when switching
from openssl to openssl-fips because FIPS require a lot of entropy
and if this is on VMWARE, that has very poor entropy unless you use entropy
generator like "*haveged*" or load *virtio_rng *kernel module.
As I said before I
On 09/23, Ran Mozes wrote:
> to find out about CVEs you can follow the related links from the NVD site. In
> the case of CVE-2021-40438 it led me to
> https://src.fedoraproject.org/rpms/httpd#817ac0a9a475f26768e49342e055307368258b74
> there you could dig so more to find information about the
>
to find out about CVEs you can follow the related links from the NVD site. In
the case of CVE-2021-40438 it led me to
https://src.fedoraproject.org/rpms/httpd#817ac0a9a475f26768e49342e055307368258b74
there you could dig so more to find information about the
users/commits/contents.
HTH
> Am
On Thu, Sep 23, 2021 at 12:41:10PM +0200, Riccardo Schirone wrote:
> On 09/23, pgajdos wrote:
> > On Thu, Sep 23, 2021 at 11:45:49AM +0200, Riccardo Schirone wrote:
> > > I'm trying to gather more information about CVE-2021-40438,
> > > CVE-2021-39275,
> > > CVE-2021-36160, CVE-2021-34798 that
On 09/23, pgajdos wrote:
> On Thu, Sep 23, 2021 at 11:45:49AM +0200, Riccardo Schirone wrote:
> > I'm trying to gather more information about CVE-2021-40438, CVE-2021-39275,
> > CVE-2021-36160, CVE-2021-34798 that were recently fixed in Apache 2.4.49.
> > The
> > CHANGES file and the security
On Thu, Sep 23, 2021 at 11:45:49AM +0200, Riccardo Schirone wrote:
> I'm trying to gather more information about CVE-2021-40438, CVE-2021-39275,
> CVE-2021-36160, CVE-2021-34798 that were recently fixed in Apache 2.4.49. The
> CHANGES file and the security page on the website just contain very
Hi,
I'm trying to gather more information about CVE-2021-40438, CVE-2021-39275,
CVE-2021-36160, CVE-2021-34798 that were recently fixed in Apache 2.4.49. The
CHANGES file and the security page on the website just contain very short
descriptions of the flaws.
I'd like to know what are the
