ALAS-2013-243

Related Vulnerabilities: CVE-2013-1445  

Amazon Linux AMI Security Advisory: ALAS-2013-243
Advisory Release Date: 2013-11-03 12:09 Pacific
Advisory Updated Date: 2014-09-16 21:51 Pacific
Severity: Low
References: CVE-2013-1445 

Issue Overview:

The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
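
The failure mode described above, as an added example that is not PyCrypto's code and not part of the advisory. It is a simplified model: the names ToyGenerator, atfork_weak, atfork_fixed and child_outputs, the 1-second rate limit, and the hash-based construction are all assumptions. Two children are forked from one parent state on a POSIX system; when the fork hook only pools fresh entropy and leaves reseeding to the rate limiter, both children emit the same bytes, and forcing the reseed inside the hook makes them diverge.

```python
import hashlib, os, time

class ToyGenerator:
    """Toy rate-limited PRNG; a constructed model, not PyCrypto's code."""
    RESEED_INTERVAL = 1.0  # assumed rate-limit period in seconds

    def __init__(self):
        self.key, self.counter, self.pool = os.urandom(32), 0, b""
        self.last_reseed = time.monotonic()

    def reseed(self):
        self.key = hashlib.sha256(self.key + self.pool).digest()
        self.pool, self.last_reseed = b"", time.monotonic()

    def read(self, n):
        # Pooled entropy reaches the key only once the rate limit has expired.
        if self.pool and time.monotonic() - self.last_reseed >= self.RESEED_INTERVAL:
            self.reseed()
        out = b""
        while len(out) < n:
            self.counter += 1
            out += hashlib.sha256(self.key + self.counter.to_bytes(8, "big")).digest()
        return out[:n]

    def atfork_weak(self):
        self.pool += os.urandom(32)   # collected, but reseeding is left to read()

    def atfork_fixed(self):
        self.pool += os.urandom(32)
        self.reseed()                 # forced reseed, ignoring the rate limit

def child_outputs(atfork_name, children=2):
    """Fork children from one parent state; return each child's first 16 bytes."""
    rng, outputs = ToyGenerator(), []
    for _ in range(children):
        r, w = os.pipe()
        pid = os.fork()
        if pid == 0:                  # child: inherited a copy of the parent's state
            getattr(rng, atfork_name)()
            os.write(w, rng.read(16))
            os._exit(0)
        os.close(w)
        outputs.append(os.read(r, 16))
        os.close(r)
        os.waitpid(pid, 0)
    return outputs

if __name__ == "__main__":
    for name in ("atfork_weak", "atfork_fixed"):
        a, b = child_outputs(name)
        print(name, a.hex(), b.hex(), "IDENTICAL" if a == b else "distinct")
```
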


Affected Packages:

python-crypto


Issue Correction:
Run yum update python-crypto to update your system.

New Packages:
i686:
    python-crypto-debuginfo-2.6.1-1.7.amzn1.i686
    python-crypto-2.6.1-1.7.amzn1.i686

src:
    python-crypto-2.6.1-1.7.amzn1.src

x86_64:
    python-crypto-debuginfo-2.6.1-1.7.amzn1.x86_64
    python-crypto-2.6.1-1.7.amzn1.x86_64