Advisories » MGASA-2017-0032

Updated python-pycrypto packages fix security vulnerabilities

Publication date: 02 Feb 2017
Modification date: 02 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2013-7459

Description

This is a security fix for a possible Buffer overflow.
AES.new with invalid parameter crashes python.
The IV parameter is currently ignored when initializing a cipher in ECB
or CTR mode.
There was a bug in pycrypto which could be exploited to get a shell.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20031
• http://openwall.com/lists/oss-security/2016/12/27/8
• https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
• https://marc.info/?l=oss-security&m=148280482630855&w=2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459

SRPMS

5/core

• python-pycrypto-2.6.1-6.1.mga5