Debian Security Advisory

DSA-2541-1 beaker -- information disclosure

Date Reported:
07 Sep 2012
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 684890.
In Mitre's CVE dictionary: CVE-2012-3458.
More information:

It was discovered that Beaker, a cache and session library for Python, when using the python-crypto backend, is vulnerable to information disclosure due to a cryptographic weakness related to the use of the AES cipher in ECB mode.

Systems that have the python-pycryptopp package should not be vulnerable, as this backend is preferred over python-crypto.

After applying this update, existing sessions will be invalidated.

For the stable distribution (squeeze), this problem has been fixed in version 1.5.4-4+squeeze1.

For the testing distribution (wheezy), and the unstable distribution (sid), this problem has been fixed in version 1.6.3-1.1.

We recommend that you upgrade your beaker packages.