Fedora EPEL 5 Security Update: pwgen-2.07-1.el5

Resolved Bugs
1020220 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default
1020223 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default [epel-all]
1020258 – CVE-2013-4442 pwgen: silent fallback to insecure entropy
1020261 – CVE-2013-4442 pwgen: silent fallback to insecure entropy [epel-all]<br
Update to 2.07:
* Remove backwards compatibility for no-tty mode. Addresses CVE-2013-4440
* Fail hard if /dev/urandom and /dev/random are not available. Addresses CVE-2013-4442 and Launchpad #1183213 (Closes: #767008)
* Fix pwgen -B so that it doesn’t accidentally generate passwords with ambiguous characters after changing the case of some letters. Addresses Launchpad Bugs #638418 and #1349863
* Fix potential portability bug on architectures where unsgined ints are not 4 bytes long

Leave a Reply