PyCrypto: Weak key generation
1.
Gentoo Linux Security Advisory
Version Information
| Advisory Reference |
GLSA 201206-23 / pycrypto |
| Release Date |
June 24, 2012 |
| Latest Revision |
June 24, 2012: 1 |
| Impact |
normal |
| Exploitable |
remote |
| Package |
Vulnerable versions |
Unaffected versions |
Architecture(s) |
| dev-python/pycrypto |
<
2.6 |
>=
2.6 |
All supported architectures
|
Related bugreports:
#417625
Synopsis
PyCrypto generates weak ElGamal keys.
2.
Impact Information
Background
PyCrypto is the Python Cryptography Toolkit.
Description
An error in the generate() function in ElGamal.py causes PyCrypto to
generate weak ElGamal keys.
Impact
A remote attacker might be able to derive private keys.
3.
Resolution Information
Workaround
There is no known workaround at this time.
Resolution
All PyCrypto users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/pycrypto-2.6"
|
4.
References
|
