Advisories » MGASA-2020-0364

Updated python-rsa packages fix security vulnerability

Publication date: 06 Sep 2020
Modification date: 06 Sep 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-13757

Description

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of
ciphertext. This could conceivably have a security-relevant impact, e.g.,
by helping an attacker to infer that an application uses Python-RSA, or if
the length of accepted ciphertext affects application behavior (such as by
causing excessive memory allocation). (CVE-2020-13757)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26954
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13757

SRPMS

7/core

• python-rsa-4.0-1.1.mga7