Python Keyring Exploits Fixed in Ubuntu 12.10

Ubuntu 12.04 LTS and Ubuntu 11.10 also benefit from this fix

By on November 21st, 2012 15:16 GMT

On November 20, Canonical published details about Python Keyring vulnerabilities for its Ubuntu 12.10, Ubuntu 12.04 LTS, and Ubuntu 11.10 operating systems.

According to Canonical, several security issues were fixed in Python Keyring. It was discovered that Python Keyring's CryptedFileKeyring file format used weak cryptography and that it created keyring files with insecure permissions.

A local attacker could have used these issues to brute-force CryptedFileKeyring keyring files or to access keyring files belonging to other users.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can simply fix the security flaws by upgrading the operating systems to the latest python-keyring and python3-keyring packages, specific to each distribution.

A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.

Comments