===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0856
                          beaker security update
                             10 September 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           beaker
Publisher:         Debian
Operating System:  Debian GNU/Linux 6
                   Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-3458

Original Bulletin:
   http://www.debian.org/security/2012/dsa-2541

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running beaker check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-2541-1                   security@debian.org
http://www.debian.org/security/                          Raphael Geissert
September 07, 2012                     http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : beaker
Vulnerability  : information disclosure
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-3458
Debian Bug     : 684890

It was discovered that Beaker, a cache and session library for Python,
when using the python-crypto backend, is vulnerable to information
disclosure due to a cryptographic weakness related to the use of the
AES cipher in ECB mode.

Systems that have the python-pycryptopp package should not be
vulnerable, as this backend is preferred over python-crypto.

After applying this update, existing sessions will be invalidated.

For the stable distribution (squeeze), this problem has been fixed in
version 1.5.4-4+squeeze1.

For the testing distribution (wheezy), and the unstable distribution
(sid), this problem has been fixed in version 1.6.3-1.1.

We recommend that you upgrade your beaker packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================