CVE 2012-4571
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.
Related bugs and status
CVE-2012-4571 (Candidate) is related to these bugs:
Bug #1004845: python-keyring CryptedFileKeyring is insecure (was: doesn't work with python-crypto 2.6-1 (ValueError: IV must be 16 bytes long))
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1004845 | python-keyring CryptedFileKeyring is insecure (was: doesn't work with python-crypto 2.6-1 (ValueError: IV must be 16 bytes long)) | python-keyring (Ubuntu) | Undecided | Fix Released | ||
| 1004845 | python-keyring CryptedFileKeyring is insecure (was: doesn't work with python-crypto 2.6-1 (ValueError: IV must be 16 bytes long)) | python-keyring (Debian) | Unknown | Fix Released | ||
| 1004845 | python-keyring CryptedFileKeyring is insecure (was: doesn't work with python-crypto 2.6-1 (ValueError: IV must be 16 bytes long)) | python-keyring (Ubuntu Oneiric) | Undecided | Fix Released | ||
| 1004845 | python-keyring CryptedFileKeyring is insecure (was: doesn't work with python-crypto 2.6-1 (ValueError: IV must be 16 bytes long)) | python-keyring (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1031465: ~/crypted_pass.cfg created with insecure permissions
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1031465 | ~/crypted_pass.cfg created with insecure permissions | python-keyring (Ubuntu) | Undecided | Fix Released | ||
| 1031465 | ~/crypted_pass.cfg created with insecure permissions | python-keyring (Ubuntu Oneiric) | Undecided | Fix Released | ||
| 1031465 | ~/crypted_pass.cfg created with insecure permissions | python-keyring (Ubuntu Precise) | Undecided | Fix Released | ||
| 1031465 | ~/crypted_pass.cfg created with insecure permissions | python-keyring (Ubuntu Quantal) | Undecided | Fix Released | ||
| 1031465 | ~/crypted_pass.cfg created with insecure permissions | python-keyring (Ubuntu Raring) | Undecided | Fix Released | ||
Bug #1042754: syncpackage: fails with JSON error in chroot
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1042754 | syncpackage: fails with JSON error in chroot | python-keyring (Ubuntu) | Undecided | Fix Released | ||
| 1042754 | syncpackage: fails with JSON error in chroot | python-keyring (Ubuntu Oneiric) | Undecided | Fix Released | ||
| 1042754 | syncpackage: fails with JSON error in chroot | python-keyring (Ubuntu Precise) | Undecided | Fix Released | ||
| 1042754 | syncpackage: fails with JSON error in chroot | python-keyring (Ubuntu Raring) | Undecided | Fix Released | ||
| 1042754 | syncpackage: fails with JSON error in chroot | python-keyring (Ubuntu Quantal) | Undecided | Fix Released | ||
| 1042754 | syncpackage: fails with JSON error in chroot | Python Keyring | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
