Advisories » MGASA-2013-0319

Updated python-pycrypto packages fix CVE-2013-1445

Publication date: 25 Oct 2013
Modification date: 25 Oct 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-1445

Description

Updated python-pycrypto package fixes security vulnerability:

In PyCrypto before v2.6.1, the Crypto.Random pseudo-random number
generator (PRNG) exhibits a race condition that may cause it to generate
the same 'random' output in multiple processes that are forked from each
other.  Depending on the application, this could reveal sensitive
information or cryptographic keys to remote attackers (CVE-2013-1445).
                

References

• http://lists.dlitz.net/pipermail/pycrypto/2013q4/000702.html
• https://bugs.mageia.org/show_bug.cgi?id=11491
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1445

SRPMS

2/core

• python-pycrypto-2.3-2.2.mga2

3/core

• python-pycrypto-2.6-2.1.mga3