openssh-CVE-2011-4327 A security flaw was found in the way ssh-keysign, a ssh helper program for host based authentication, attempted to retrieve enough entropy information on configurations that lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would be executed to retrieve the entropy from the system environment). A local attacker could use this flaw to obtain unauthorized access to host keys via ptrace(2) process trace attached to the 'ssh-rand-helper' program. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327 http://www.openssh.com/txt/portable-keysign-rand-helper.adv Upstream-Status: Pending Signed-off-by: Li Wang