Updated python-ecdsa packages fix security vulnerabilities
Publication date: 05 Jan 2020Modification date: 05 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-14853 , CVE-2019-14859
Description
Updated python-ecdsa packages fix security vulnerabilities: It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service (CVE-2019-14853). It was discovered that python-ecdsa incorrectly verified DER encoding in signatures. A remote attacker could use this issue to perform certain malleability attacks (CVE-2019-14859).
References
SRPMS
7/core
- python-ecdsa-0.13.3-1.mga7