Debian Security Advisory
DSA-2541-1 beaker -- information disclosure
- Date Reported:
- 07 Sep 2012
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 684890.
In Mitre's CVE dictionary: CVE-2012-3458.
- More information:
It was discovered that Beaker, a cache and session library for Python, when using the python-crypto backend, is vulnerable to information disclosure due to a cryptographic weakness related to the use of the AES cipher in ECB mode.
Systems that have the python-pycryptopp package should not be vulnerable, as this backend is preferred over python-crypto.
After applying this update, existing sessions will be invalidated.
For the stable distribution (squeeze), this problem has been fixed in version 1.5.4-4+squeeze1.
For the testing distribution (wheezy), and the unstable distribution (sid), this problem has been fixed in version 1.6.3-1.1.
We recommend that you upgrade your beaker packages.