Site icon 지락문화예술공작단

USN-3199-1: Python Crypto vulnerability

USN-3199-1: Python Crypto vulnerability

Ubuntu Security Notice USN-3199-1

16th February, 2017

Python Crypto vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Summary

Programs using the Python Cryptography Toolkit could be made to crash or run
programs if they receive specially crafted network traffic or other input.

Software description

Details

It was discovered that the ALGnew function in block_templace.c in the Python
Cryptography Toolkit contained a heap-based buffer overflow vulnerability.
A remote attacker could use this flaw to execute arbitrary code by using
a crafted initialization vector parameter.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
python3-crypto

2.6.1-6ubuntu0.16.10.2
python-crypto

2.6.1-6ubuntu0.16.10.2
Ubuntu 16.04 LTS:
python3-crypto

2.6.1-6ubuntu0.16.04.1
python-crypto

2.6.1-6ubuntu0.16.04.1
Ubuntu 14.04 LTS:
python3-crypto

2.6.1-4ubuntu0.1
python-crypto

2.6.1-4ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2013-7459

Source: USN-3199-1: Python Crypto vulnerability

Exit mobile version