CVE-2012-4571

Published: 6 November 2012

Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.

Priority

Status

Package	Release	Status
python-keyring Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Ignored (end of life)
	oneiric	Released (0.9.2-0ubuntu0.11.10.2)
	precise	Released (0.9.2-0ubuntu0.12.04.2)
	quantal	Not vulnerable (0.9.2-1)
	raring	Not vulnerable
	saucy	Not vulnerable
	upstream	Released (0.9.2-1)

References

http://www.openwall.com/lists/oss-security/2012/10/31/8
https://ubuntu.com/security/notices/USN-1634-1
https://www.cve.org/CVERecord?id=CVE-2012-4571
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675379
https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›