From Mageia wiki
Jump to: navigation, search

MGASA-2012-0194

Date: August 2nd, 2012
Affected releases: 1, 2


Description:
Updated python-pycrypto package fixes security vulnerability:

PyCrypto before 2.6 does not produce appropriate prime numbers when
using an ElGamal scheme to generate a key, which reduces the signature
space or public key space and makes it easier for attackers to conduct
brute force attacks to obtain the private key (CVE-2012-2417).

Note: any ElGamal keys that have previously been generated by PyCrypto
should be regenerated after installing this update.


Updated Packages:
Mageia 1:
python-pycrypto-2.3-2.1.mga1

Mageia 2:
python-pycrypto-2.3-2.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2417
http://www.ubuntu.com/usn/usn-1484-1/
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:117
https://bugs.mageia.org/show_bug.cgi?id=6879