DSA-2541-1 beaker -- information disclosureID: oval:org.secpod.oval:def:600879 | Date: (C)2012-09-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that Beaker, a cache and session library for Python, when using the python-crypto backend, is vulnerable to information disclosure due to a cryptographic weakness related to the use of the AES cipher in ECB mode. Systems that have the python-pycryptopp package should not be vulnerable, as this backend is preferred over python-crypto. After applying this update, existing sessions will be invalidated.
Product: |
python-beaker |
python3-beaker |