
Re: [SECURITY] [DSA 2541-1] beaker security update



2012/9/7, Raphael Geissert <geissert@debian.org>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2541-1                   security@debian.org
> http://www.debian.org/security/                          Raphael Geissert
> September 07, 2012                     http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package        : beaker
> Vulnerability  : information disclosure
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2012-3458
> Debian Bug     : 684890
>
> It was discovered that Beaker, a cache and session library for Python,
> when using the python-crypto backend, is vulnerable to information
> disclosure due to a cryptographic weakness related to the use of the
> AES cipher in ECB mode.
>
> Systems that have the python-pycryptopp package should not be
> vulnerable, as this backend is preferred over python-crypto.
>
> After applying this update, existing sessions will be invalidated.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 1.5.4-4+squeeze1.
>
> For the testing distribution (wheezy), and the unstable distribution
> (sid), this problem has been fixed in version 1.6.3-1.1.
>
> We recommend that you upgrade your beaker packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iEYEARECAAYFAlBKQM8ACgkQYy49rUbZzlqtCACfQ/8IrKLutI2FJ0WdOb/hn5J9
> RDMAoIVtEWqnuCTrf5Upo0VVXz03lZqZ
> =bxKK
> -----END PGP SIGNATURE-----
>
>
> Archive: http://lists.debian.org/201209071345.40751.geissert@debian.org
>
>
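
The ECB weakness named in the quoted advisory, shown as an added example that is not part of the advisory or of Beaker's code: equal plaintext blocks in a session blob produce equal ciphertext blocks, which a simple block-repetition check detects. Truncated HMAC-SHA256 stands in for AES (an assumption, since the Python standard library has no AES), the counter-mode contrast is illustrative rather than a statement of how Beaker was fixed, and the key, nonce and session payload are constructed.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16  # AES block size in bytes


def _prf(key: bytes, data: bytes) -> bytes:
    # Stand-in for AES (assumption: stdlib only): a keyed, deterministic
    # function that yields one 16-byte output block per input.
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]


def ecb_like(key: bytes, plaintext: bytes) -> bytes:
    # ECB: every block is transformed independently under the same key,
    # so equal plaintext blocks give equal ciphertext blocks.
    blocks = [plaintext[i:i + BLOCK] for i in range(0, len(plaintext), BLOCK)]
    return b"".join(_prf(key, b.ljust(BLOCK, b"\0")) for b in blocks)


def ctr_like(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Counter mode: XOR with a keystream derived from nonce + block index,
    # so equal plaintext blocks no longer encrypt to equal output.
    out = bytearray()
    for i in range(0, len(plaintext), BLOCK):
        ks = _prf(key, nonce + (i // BLOCK).to_bytes(8, "big"))
        out += bytes(p ^ k for p, k in zip(plaintext[i:i + BLOCK], ks))
    return bytes(out)


def repeated_blocks(ciphertext: bytes) -> int:
    # Count 16-byte blocks that duplicate an earlier block; a non-zero
    # result on encrypted session data suggests ECB-style encryption.
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return sum(n - 1 for n in Counter(blocks).values() if n > 1)


# Constructed session payload: three identical 16-byte blocks plus one other.
KEY = b"constructed-demo-key"
SESSION = b"role=guest;pad=." * 3 + b"user=alice;id=07"

if __name__ == "__main__":
    print("ECB-like repeats:", repeated_blocks(ecb_like(KEY, SESSION)))
    print("CTR-like repeats:", repeated_blocks(ctr_like(KEY, b"nonce-01", SESSION)))
```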

