|Description||The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.|
|Source||CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)|
|NVD severity||medium (attack range: remote)|
Vulnerable and fixed packages
The table below lists information on source packages.
|Source Package||Release||Version||Status|
|python-crypto (PTS)||squeeze, squeeze (security)||2.1.0-2+squeeze2||fixed|
|python-crypto (PTS)||wheezy (security), wheezy||2.6-4+deb7u3||fixed|
|python-crypto (PTS)||stretch, sid, jessie||2.6.1-5||fixed|
The information below is based on the following data on fixed versions.