CVE-2012-2417
Published: 16 June 2012
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.
Priority
Status
Package | Release | Status |
---|---|---|
python-crypto Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(2.0.1+dfsg1-4ubuntu2.2)
|
|
natty |
Released
(2.1.0-2ubuntu1.1)
|
|
oneiric |
Released
(2.3-2ubuntu0.1)
|
|
precise |
Released
(2.4.1-1ubuntu0.1)
|
|
upstream |
Released
(2.6)
|
|
Patches: upstream: https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2 upstream: https://github.com/Legrandin/pycrypto/commit/8c94c6f5ce5f579e9b896f32bac5dd3ff639fb5c upstream: https://github.com/Legrandin/pycrypto/commit/c575de4f1815137a5800076ca669da911f4fd84d vendor: http://www.debian.org/security/2012/dsa-2502 |