===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.1485
                       python-crypto security update
                              21 October 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           python-crypto
Publisher:         Debian
Operating System:  Debian GNU/Linux 6
                   Debian GNU/Linux 7
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Reduced Security -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-1445

Original Bulletin:
   http://www.debian.org/security/2013/dsa-2781

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running python-crypto check for an updated version of the software
         for their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-2781-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
October 18, 2013                       http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : python-crypto
Vulnerability  : PRNG not correctly reseeded in some situations
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2013-1445
Debian Bug     :

A cryptographic vulnerability was discovered in the pseudo random number
generator in python-crypto.

In some situations, a race condition could prevent the reseeding of the
generator when multiple processes are forked from the same parent. This would
lead it to generate identical output on all processes, which might leak
sensitive values like cryptographic keys.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.1.0-2+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in
version 2.6-4+deb7u3.

For the testing distribution (jessie), this problem has been fixed in
version 2.6.1-2.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.1-1.

We recommend that you upgrade your python-crypto packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
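
The failure mode the advisory describes, generator state inherited across fork() and not reseeded so that every child emits the same bytes, shown with a constructed toy generator beside the reseed-on-fork check that prevents it. This is an added illustration, not python-crypto's code or the Debian patch; `ToyGenerator`, `reseed_after_fork` and `child_outputs` are hypothetical names, and the block assumes a POSIX system for `os.fork`.

```python
import hashlib
import os


class ToyGenerator:
    """Constructed hash-chain generator (hypothetical, not python-crypto code)."""

    def __init__(self, reseed_after_fork):
        self.reseed_after_fork = reseed_after_fork
        self._reseed()

    def _reseed(self):
        self._state = os.urandom(32)   # fresh entropy from the kernel
        self._pid = os.getpid()        # remember which process seeded us

    def read(self, n):
        # Mitigation: a changed PID means this is a forked copy of the
        # parent's state, so reseed before producing any output.
        if self.reseed_after_fork and os.getpid() != self._pid:
            self._reseed()
        out = b""
        while len(out) < n:
            self._state = hashlib.sha256(self._state).digest()
            out += hashlib.sha256(b"out" + self._state).digest()
        return out[:n]


def child_outputs(rng, children=3, n=16):
    """Fork `children` processes and collect n bytes each one reads from rng."""
    results = []
    for _ in range(children):
        r, w = os.pipe()
        pid = os.fork()
        if pid == 0:                   # child: report its output and exit
            try:
                os.write(w, rng.read(n))
            finally:
                os._exit(0)
        os.close(w)
        results.append(os.read(r, n))
        os.close(r)
        os.waitpid(pid, 0)
    return results


if __name__ == "__main__":
    for safe in (False, True):
        outs = child_outputs(ToyGenerator(reseed_after_fork=safe))
        print("reseed_after_fork=%s distinct=%d" % (safe, len(set(outs))),
              [o.hex() for o in outs])
```

A PID comparison is the simplest form of the check; `os.register_at_fork` (Python 3.7+) is another way to hook the reseed.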