Summary
The remote host is missing an update to beaker
announced via advisory DSA 2541-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202541-1
Insight
It was discovered that Beaker, a cache and session library for Python, when using the python-crypto backend, is vulnerable to information disclosure due to a cryptographic weakness related to the use of the AES cipher in ECB mode.
Systems that have the python-pycryptopp package should not be vulnerable, as this backend is preferred over python-crypto.
After applying this update, existing sessions will be invalidated.
For the stable distribution (squeeze), this problem has been fixed in version 1.5.4-4+squeeze1.
For the testing distribution (wheezy), and the unstable distribution (sid), this problem has been fixed in version 1.6.3-1.1.
We recommend that you upgrade your beaker packages.
Severity
Classification
-
CVE CVE-2012-3458 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities