| Summary: | <dev-python/pycrypto-2.6.1 : PRNG not correctly reseeded in some situations (CVE-2013-1445) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | python |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1020814 | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-10-19 18:29:34 UTC
+ 20 Oct 2013; Dirkjan Ochtman <djc@gentoo.org> +pycrypto-2.6.1.ebuild:
+ Version bump pycrypto for bug 488630.

This should be fine for stabilization.

CVE-2013-1445 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1445): The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.

(In reply to Dirkjan Ochtman from comment #1)
> + 20 Oct 2013; Dirkjan Ochtman <djc@gentoo.org> +pycrypto-2.6.1.ebuild:
> + Version bump pycrypto for bug 488630.
>
> This should be fine for stabilization.

Good.

Arches, please test and mark stable
=dev-python/pycrypto-2.6.1
Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable for HPPA.

amd64 / x86 stable

ppc stable

alpha stable

ppc64 stable

arm stable

sparc stable

ia64 stable.
Maintainer(s), please cleanup.
Security, please vote.

Cleanup done.

Cleanup completed
Awaiting GLSA Vote

Thanks, everyone
GLSA vote: no

GLSA vote: no.
Closing noglsa.