-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-08207fe48b 2017-01-30 21:12:12.102967 --------------------------------------------------------------------------------
Name : python-crypto Product : Fedora 24 Version : 2.6.1 Release : 13.fc24 URL : http://www.pycrypto.org/ Summary : Cryptography library for Python Description : PyCrypto is a collection of both secure hash functions (such as MD5 and SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.).
-------------------------------------------------------------------------------- Update Information:
A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution. All users of pycrypto's AES module that allow the mode of operation to be specified by an attacker, check for ECB explicitly and create the objects without specifying an IV are vulnerable to this issue. This is CVE-2013-7459. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1409754 - CVE-2013-7459 pycrypto: Heap-buffer overflow in ALGobject structure https://bugzilla.redhat.com/show_bug.cgi?id=1409754 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade python-crypto' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------