2012/9/7, Raphael Geissert <[email protected]>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2541-1 [email protected] > http://www.debian.org/security/ Raphael Geissert > September 07, 2012 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : beaker > Vulnerability : information disclosure > Problem type : remote > Debian-specific: no > CVE ID : CVE-2012-3458 > Debian Bug : 684890 > > It was discovered that Beaker, a cache and session library for Python, > when using the python-crypto backend, is vulnerable to information > disclosure due to a cryptographic weakness related to the use of the > AES cipher in ECB mode. > > Systems that have the python-pycryptopp package should not be > vulnerable, as this backend is preferred over python-crypto. > > After applying this update, existing sessions will be invalidated. > > For the stable distribution (squeeze), this problem has been fixed in > version 1.5.4-4+squeeze1. > > For the testing distribution (wheezy), and the unstable distribution > (sid), this problem has been fixed in version 1.6.3-1.1. > > We recommend that you upgrade your beaker packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > > iEYEARECAAYFAlBKQM8ACgkQYy49rUbZzlqtCACfQ/8IrKLutI2FJ0WdOb/hn5J9 > RDMAoIVtEWqnuCTrf5Upo0VVXz03lZqZ > =bxKK > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact > [email protected] > Archive: http://lists.debian.org/[email protected] > >
-- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/CAOuvHzsvNE=mg94qdmvyjbca0rublvzv6uy1oh3jhdhjwgk...@mail.gmail.com
