It was discovered that PyCrypto produced inappropriate prime numbers when generating ElGamal keys. An attacker could use this flaw to facilitate brute-forcing of ElGamal encryption keys. Updated packages are available from security.debian.org.
========================================================================== Ubuntu Security Notice USN-1484-1 June 28, 2012 python-crypto vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: PyCrypto improperly created ElGamal encryption keys. Software Description: - python-crypto: cryptographic algorithms and protocols for Python Details: It was discovered that PyCrypto produced inappropriate prime numbers when generating ElGamal keys. An attacker could use this flaw to facilitate brute-forcing of ElGamal encryption keys. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: python-crypto 2.4.1-1ubuntu0.1 Ubuntu 11.10: python-crypto 2.3-2ubuntu0.1 Ubuntu 11.04: python-crypto 2.1.0-2ubuntu1.1 Ubuntu 10.04 LTS: python-crypto 2.0.1+dfsg1-4ubuntu2.2 In general, a standard system update will make all the necessary changes. If PyCrypto was used to generate ElGamal keys, we recommend they be regenerated. References: http://www.ubuntu.com/usn/usn-1484-1 CVE-2012-2417 Package Information: https://launchpad.net/ubuntu/+source/python-crypto/2.4.1-1ubuntu0.1 https://launchpad.net/ubuntu/+source/python-crypto/2.3-2ubuntu0.1 https://launchpad.net/ubuntu/+source/python-crypto/2.1.0-2ubuntu1.1 https://launchpad.net/ubuntu/+source/python-crypto/2.0.1+dfsg1-4ubuntu2.2