Packages
- python-keyring - store and access your passwords safely
Details
Dwayne Litzenberger discovered that Python Keyring's CryptedFileKeyring
file format used weak cryptography. A local attacker may use this issue to
brute-force CryptedFileKeyring keyring files. This issue only affected
Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-4571)
It was discovered that Python Keyring created keyring files with insecure
permissions. A local attacker could use this issue to access keyring files
belonging to other users.
Dwayne Litzenberger discovered that Python Keyring's CryptedFileKeyring
file format used weak cryptography. A local attacker may use this issue to
brute-force CryptedFileKeyring keyring files. This issue only affected
Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-4571)
It was discovered that Python Keyring created keyring files with insecure
permissions. A local attacker could use this issue to access keyring files
belonging to other users.
Update instructions
In general, a standard system update will make all the necessary changes. This update uses a new upstream release, which includes additional bug fixes, and will migrate existing keyring files to the new format upon first use.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 12.10 quantal | python3-keyring – 0.9.2-1ubuntu0.2 | ||
| python-keyring – 0.9.2-1ubuntu0.2 | |||
| 12.04 precise | python3-keyring – 0.9.2-0ubuntu0.12.04.2 | ||
| python-keyring – 0.9.2-0ubuntu0.12.04.2 | |||
| 11.10 oneiric | python-keyring – 0.9.2-0ubuntu0.11.10.2 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.