MGASA-2012-0194
Date: | August 2nd, 2012 |
Affected releases: | 1, 2 |
Description:
Updated python-pycrypto package fixes security vulnerability:
PyCrypto before 2.6 does not produce appropriate prime numbers when
using an ElGamal scheme to generate a key, which reduces the signature
space or public key space and makes it easier for attackers to conduct
brute force attacks to obtain the private key (CVE-2012-2417).
Note: any ElGamal keys that have previously been generated by PyCrypto
should be regenerated after installing this update.
Updated Packages:
Mageia 1:
python-pycrypto-2.3-2.1.mga1
Mageia 2:
python-pycrypto-2.3-2.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2417
http://www.ubuntu.com/usn/usn-1484-1/
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:117
https://bugs.mageia.org/show_bug.cgi?id=6879