python-crypto throws exception ValueError: CTR mode needs counter parameter, not IV
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Charm Test Infra |
Fix Released
|
Critical
|
Ryan Beisner | ||
python-crypto (Ubuntu) |
Fix Released
|
Critical
|
Unassigned |
Bug Description
We've recently upgraded python-crypto package on 14.04 due to this USN https:/
apt history log
```
Start-Date: 2017-02-16 23:43:48
Commandline: apt-get -q -y -o DPkg::Options:
Upgrade: bind9-host:amd64 (9.9.5.
End-Date: 2017-02-16 23:43:52
```
Then our python script which uses paramiko failed with this exception
```
Traceback (most recent call last):
File "/usr/local/
self.
File "/usr/local/
return self._parse_
File "/usr/local/
self.
File "/usr/local/
engine = self._get_
File "/usr/local/
return self._cipher_
File "/usr/lib/
return AESCipher(key, *args, **kwargs)
File "/usr/lib/
blockalgo.
File "/usr/lib/
self._cipher = factory.new(key, *args, **kwargs)
ValueError: CTR mode needs counter parameter, not IV
```
packages versions
```
pycrypto==2.6.1
paramiko==1.12.0
```
which works okay BEFORE the upgrade.
Maybe Debian bug report: https:/
CVE References
Changed in python-crypto (Ubuntu): | |
importance: | Undecided → Critical |
tags: | added: trusty |
Changed in charm-test-infra: | |
status: | Confirmed → Fix Released |
Changed in charm-test-infra: | |
milestone: | none → 17.05 |
Status changed to 'Confirmed' because the bug affects multiple users.