MDVSA-2012:117
- Package name
- python-pycrypto
- Date
- 2012-07-27
- Advisory ID
- MDVSA-2012:117
- Affected versions
- MES5 i586 , 2011 i586 , MES5 x86_64 , 2011 x86_64
Problem description
A vulnerability has been discovered and corrected in python-pycrypto:
PyCrypto before 2.6 does not produce appropriate prime numbers when
using an ElGamal scheme to generate a key, which reduces the signature
space or public key space and makes it easier for attackers to conduct
brute force attacks to obtain the private key (CVE-2012-2417).
The updated packages have been patched to correct this issue.
Updated packages
MES5 i586
f9d5014592f76e6774fb88e349074b68 mes5/i586/pycrypto-2.0.1-3.3mdvmes5.2.i586.rpm e833decc6f1f52d25dc72be1bf845bd6 mes5/SRPMS/pycrypto-2.0.1-3.3mdvmes5.2.src.rpm
2011 i586
6172bb25eb289a81b12509bd3ef1d4a9 2011/i586/python-pycrypto-2.3-3.1-mdv2011.0.i586.rpm 4075a2f644f897d1622f141d79c2b18c 2011/SRPMS/python-pycrypto-2.3-3.1.src.rpm
MES5 x86_64
69e203abd4c4d400031e1fd516c0ff83 mes5/x86_64/pycrypto-2.0.1-3.3mdvmes5.2.x86_64.rpm e833decc6f1f52d25dc72be1bf845bd6 mes5/SRPMS/pycrypto-2.0.1-3.3mdvmes5.2.src.rpm
2011 x86_64
d19fa50bcb90f639a18dcedd65bafc00 2011/x86_64/python-pycrypto-2.3-3.1-mdv2011.0.x86_64.rpm 4075a2f644f897d1622f141d79c2b18c 2011/SRPMS/python-pycrypto-2.3-3.1.src.rpm