ALAS-2013-243 ---- python-cryptoID: oval:org.secpod.oval:def:1600275 | Date: (C)2016-05-19 (M)2022-10-10 |
Class: PATCH | Family: unix |
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
Platform: |
Amazon Linux AMI |