Advisories ยป MGASA-2020-0364

Updated python-rsa packages fix security vulnerability

Publication date: 06 Sep 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-13757

Description

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of
ciphertext. This could conceivably have a security-relevant impact, e.g.,
by helping an attacker to infer that an application uses Python-RSA, or if
the length of accepted ciphertext affects application behavior (such as by
causing excessive memory allocation). (CVE-2020-13757)
                

References

SRPMS

7/core