Mandriva Linux Security Advisory : python-pycrypto (MDVSA-2013:262)

Medium Nessus Plugin ID 70681


The remote Mandriva Linux host is missing a security update.


Updated python-pycrypto package fixes security vulnerability :

In PyCrypto before v2.6.1, the Crypto.Random pseudo-random number generator (PRNG) exhibits a race condition that may cause it to generate the same 'random' output in multiple processes that are forked from each other. Depending on the application, this could reveal sensitive information or cryptographic keys to remote attackers (CVE-2013-1445).


Update the affected python-pycrypto package.

See Also

Plugin Details

Severity: Medium

ID: 70681

File Name: mandriva_MDVSA-2013-262.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2013/10/29

Modified: 2013/11/25

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:python-pycrypto, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/10/28

Reference Information

CVE: CVE-2013-1445

BID: 63201

MDVSA: 2013:262