Nome do pacote
python-pycrypto
Data
2012-07-27
ID Alerta
MDVSA-2012:117
Versões afetadas
MES5 i586 , 2011 i586 , MES5 x86_64 , 2011 x86_64

Descrição do problema

A vulnerability has been discovered and corrected in python-pycrypto:

PyCrypto before 2.6 does not produce appropriate prime numbers when
using an ElGamal scheme to generate a key, which reduces the signature
space or public key space and makes it easier for attackers to conduct
brute force attacks to obtain the private key (CVE-2012-2417).

The updated packages have been patched to correct this issue.

Pacotes atualizados

MES5 i586

 f9d5014592f76e6774fb88e349074b68  mes5/i586/pycrypto-2.0.1-3.3mdvmes5.2.i586.rpm 
 e833decc6f1f52d25dc72be1bf845bd6  mes5/SRPMS/pycrypto-2.0.1-3.3mdvmes5.2.src.rpm

2011 i586

 6172bb25eb289a81b12509bd3ef1d4a9  2011/i586/python-pycrypto-2.3-3.1-mdv2011.0.i586.rpm 
 4075a2f644f897d1622f141d79c2b18c  2011/SRPMS/python-pycrypto-2.3-3.1.src.rpm

MES5 x86_64

 69e203abd4c4d400031e1fd516c0ff83  mes5/x86_64/pycrypto-2.0.1-3.3mdvmes5.2.x86_64.rpm 
 e833decc6f1f52d25dc72be1bf845bd6  mes5/SRPMS/pycrypto-2.0.1-3.3mdvmes5.2.src.rpm

2011 x86_64

 d19fa50bcb90f639a18dcedd65bafc00  2011/x86_64/python-pycrypto-2.3-3.1-mdv2011.0.x86_64.rpm 
 4075a2f644f897d1622f141d79c2b18c  2011/SRPMS/python-pycrypto-2.3-3.1.src.rpm

Referências