--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-8fd21e2a72
2018-09-07 16:13:59.187757
--------------------------------------------------------------------------------
Name : python-pycryptodomex
Product : Fedora 28
Version : 3.6.6
Release : 1.fc28
URL :
http://www.pycryptodome.org/
Summary : A self-contained cryptographic library for Python
Description :
PyCryptodome is a self-contained Python package of low-level
cryptographic primitives. It's a fork of PyCrypto. It brings several
enhancements with respect to the last official version of PyCrypto
(2.6.1), for instance:
* Authenticated encryption modes (GCM, CCM, EAX, SIV, OCB)
* Accelerated AES on Intel platforms via AES-NI
* Elliptic curves cryptography (NIST P-256 curve only)
* Better and more compact API (nonce and iv attributes for ciphers,
automatic generation of random nonces and IVs, simplified CTR
cipher mode, and more)
* SHA-3 (including SHAKE XOFs) and BLAKE2 hash algorithms
* Salsa20 and ChaCha20 stream ciphers
* scrypt and HKDF
* Deterministic (EC)DSA
* Password-protected PKCS#8 key containers
* Shamir���s Secret Sharing scheme
* Random numbers get sourced directly from the OS (and not from a
CSPRNG in userspace)
* Cleaner RSA and DSA key generation (largely based on FIPS 186-4)
* Major clean ups and simplification of the code base
PyCryptodome is not a wrapper to a separate C library like OpenSSL. To
the largest possible extent, algorithms are implemented in pure
Python. Only the pieces that are extremely critical to performance
(e.g. block ciphers) are implemented as C extensions.
Note: all modules are installed under the Cryptodome package to avoid
conflicts with the PyCrypto library.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2018-15560
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 28 2018 Mohamed El Morabity <melmorabity(a)fedoraproject.org> - 3.6.6-1
- Update to 3.6.6 (fix CVE-2018-15560)
* Fri Aug 3 2018 Mohamed El Morabity <melmorabity(a)fedoraproject.org> - 3.6.4-1
- Update to 3.6.4
* Tue Jun 19 2018 Mohamed El Morabity <melmorabity(a)fedoraproject.org> - 3.6.2-1
- Update to 3.6.2
* Mon Jun 4 2018 Mohamed El Morabity <melmorabity(a)fedoraproject.org> - 3.6.1-1
- Update to 3.6.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1623060 - CVE-2018-15560 python-pycryptodomex: Integer overflow in he
data_len variable in AESNI.c
https://bugzilla.redhat.com/show_bug.cgi?id=1623060
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-8fd21e2a72' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------