[SECURITY] Fedora 23 Update: python-rsa-3.3-2.fc23
updates at fedoraproject.org
updates at fedoraproject.org
Fri Jan 22 02:25:01 UTC 2016
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-70edfbbcef
2016-01-21 21:59:51.221200
--------------------------------------------------------------------------------
Name : python-rsa
Product : Fedora 23
Version : 3.3
Release : 2.fc23
URL : http://stuvel.eu/rsa
Summary : Pure-Python RSA implementation
Description :
Python-RSA is a pure-Python RSA implementation. It supports encryption
and decryption, signing and verifying signatures, and key generation
according to PKCS#1 version 1.5. It can be used as a Python library as
well as on the command-line.
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2016-1494
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295871 - CVE-2016-1494 python-rsa: Signature forgery using Bleichenbacher'06 attack [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1295871
[ 2 ] Bug #1295870 - CVE-2016-1494 python-rsa: Signature forgery using Bleichenbacher'06 attack [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1295870
[ 3 ] Bug #1298335 - python-rsa-3.2.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1298335
[ 4 ] Bug #1297222 - Old version with security issues, please approve ACL
https://bugzilla.redhat.com/show_bug.cgi?id=1297222
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python-rsa' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list