Amazon Linux 1 Security Advisory: ALAS-2013-243
Advisory Release Date: 2013-11-03 12:09 Pacific
Advisory Updated Date: 2014-09-16 21:51 Pacific
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
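The failure mode described above, as an added simplified model (not PyCrypto's code and not part of the advisory). `ToyPRNG`, its reseed interval and `parent_and_child_outputs` are hypothetical names constructed for illustration; the sketch assumes a POSIX system with `os.fork()`.

```python
import hashlib
import os
import time

class ToyPRNG:
    """Simplified model of a generator whose reseeds are rate-limited."""
    RESEED_INTERVAL = 5.0  # seconds; constructed value, large so the demo is deterministic

    def __init__(self, seed, force_on_fork):
        self.key = hashlib.sha256(seed).digest()
        self.counter = 0
        self.last_reseed = time.monotonic()  # initial seeding counts as a reseed
        self.force_on_fork = force_on_fork

    def read(self, n=16):
        self.counter += 1
        block = self.key + self.counter.to_bytes(8, "big")
        return hashlib.sha256(block).digest()[:n]

    def reseed(self, entropy, force=False):
        now = time.monotonic()
        if not force and now - self.last_reseed < self.RESEED_INTERVAL:
            return False  # rate limit hit: request dropped, state unchanged
        self.key = hashlib.sha256(self.key + entropy).digest()
        self.last_reseed = now
        return True

    def atfork(self):
        # Flawed behaviour (force_on_fork=False): the reseed obeys the rate limit.
        # Corrected behaviour (force_on_fork=True): the reseed always happens.
        return self.reseed(os.urandom(32), force=self.force_on_fork)

def parent_and_child_outputs(force_on_fork):
    """Fork once; return the first 16 bytes each process reads from the generator."""
    gen = ToyPRNG(os.urandom(32), force_on_fork)
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: call atfork(), read, report to the parent, exit
        try:
            gen.atfork()
            os.write(w, gen.read())
        finally:
            os._exit(0)
    os.close(w)
    parent_out = gen.read()
    child_out = os.read(r, 16)
    os.close(r)
    os.waitpid(pid, 0)
    return parent_out, child_out
```

Calling `parent_and_child_outputs(False)` returns two identical byte strings because the child's reseed request falls inside the rate-limit window; `parent_and_child_outputs(True)` returns two different ones.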
Affected Packages:
python-crypto
Issue Correction:
Run yum update python-crypto to update your system.
i686:
python-crypto-debuginfo-2.6.1-1.7.amzn1.i686
python-crypto-2.6.1-1.7.amzn1.i686
src:
python-crypto-2.6.1-1.7.amzn1.src
x86_64:
python-crypto-debuginfo-2.6.1-1.7.amzn1.x86_64
python-crypto-2.6.1-1.7.amzn1.x86_64