Upstream information

CVE-2012-2417 at MITRE


PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.30
Vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None

Note from the SUSE Security Team

python-crypto is only included starting SUSE Linux Enterprise 11 and will receive updates for this problem.

SUSE Bugzilla entry: 764127 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Software Development Kit 11 SP2
  • python-crypto >= 2.0.1-28.20.1
SAT Patch Nr: 6478
openSUSE 11.4
  • python-crypto >= 2.3-6.1
  • python-crypto-debuginfo >= 2.3-6.1
openSUSE 13.2
  • python-pycrypto >= 2.6.1-3.1.4
openSUSE 13.2 GA python-pycrypto
openSUSE Leap 42.1
  • python-pycrypto >= 2.6.1-4.1
openSUSE Leap 42.1 GA python-pycrypto
openSUSE Leap 42.2
  • python-pycrypto >= 2.6.1-5.3
  • python3-pycrypto >= 2.6.1-4.3
openSUSE Leap 42.2 GA python-pycrypto