It was discovered that Beaker, a cache and session library for Python, when using the python-crypto backend, is vulnerable to information disclosure due to a cryptographic weakness related to the use of the AES cipher in ECB mode. Systems that have the python-pycryptopp package should not be vulnerable, as this backend is preferred over python-crypto. After applying this update, existing sessions will be invalidated. For the stable distribution (squeeze), this problem has been fixed in version 1.5.4-4+squeeze1. For the testing distribution (wheezy), and the unstable distribution (sid), this problem has been fixed in version 1.6.3-1.1. We recommend that you upgrade your beaker packages.
It was discovered that Beaker, a cache and session library for Python, when using the python-crypto backend, is vulnerable to information disclosure due to a cryptographic weakness related to the use of the AES cipher in ECB mode.
Systems that have the python-pycryptopp package should not be vulnerable, as this backend is preferred over python-crypto.
After applying this update, existing sessions will be invalidated.
For the stable distribution (squeeze), this problem has been fixed in version 1.5.4-4+squeeze1.
For the testing distribution (wheezy), and the unstable distribution (sid), this problem has been fixed in version 1.6.3-1.1.
We recommend that you upgrade your beaker packages.
Vulmon