Advisories » MGASA-2016-0011

Updated python-rsa packages fix security vulnerability

Publication date: 12 Jan 2016
Modification date: 12 Jan 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1494

Description

A signature forgery vulnerability in python-rsa allows an attacker to fake
signatures for arbitrary messages for any key with a low exponent "e",
such as the common value of 3 (CVE-2016-1494).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17451
• https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/
• http://openwall.com/lists/oss-security/2016/01/05/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1494

SRPMS

5/core

• python-rsa-3.1.4-6.1.mga5