Advisories ยป MGASA-2017-0032

Updated python-pycrypto packages fix security vulnerabilities

Publication date: 02 Feb 2017
Modification date: 02 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2013-7459

Description

This is a security fix for a possible Buffer overflow.
AES.new with invalid parameter crashes python.
The IV parameter is currently ignored when initializing a cipher in ECB
or CTR mode.
There was a bug in pycrypto which could be exploited to get a shell.
                

References

SRPMS

5/core