ALAS-2013-243


Amazon Linux AMI Security Advisory: ALAS-2013-243
Advisory Release Date: 2014-09-16 21:51 Pacific
Severity: Low
References: CVE-2013-1445 

Issue Overview:

The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.


Affected Packages:

python-crypto


Issue Correction:
Run yum update python-crypto to update your system.

New Packages:
i686:
    python-crypto-debuginfo-2.6.1-1.7.amzn1.i686
    python-crypto-2.6.1-1.7.amzn1.i686

src:
    python-crypto-2.6.1-1.7.amzn1.src

x86_64:
    python-crypto-debuginfo-2.6.1-1.7.amzn1.x86_64
    python-crypto-2.6.1-1.7.amzn1.x86_64