GLSA-201206-23 : PyCrypto: Weak key generation
Medium Nessus Plugin ID 59676
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201206-23 (PyCrypto: Weak key generation)
An error in the generate() function in ElGamal.py causes PyCrypto to generate weak ElGamal keys.
A remote attacker might be able to derive private keys.
There is no known workaround at this time.
SolutionAll PyCrypto users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-python/pycrypto-2.6'