Arch Linux: ASA-202307-15 High: Python-ABC Injection Vulnerability
Jan 25, 2016
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package python-rsa before version 3.3-1 is vulnerable to signature forgery.
Arch Linux Security Advisory ASA-201601-23 ========================================= Severity: Medium Date : 2016-01-25 CVE-ID : CVE-2016-1494 Package : python-rsa Type : signature forgery Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package python-rsa before version 3.3-1 is vulnerable to signature forgery. Resolution ========= Upgrade to 3.3-1. # pacman -Syu "python-rsa>=3.3-1" The problem has been fixed upstream in version 3.3. Workaround ========= None. Description ========== The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. Impact ===== A remote attacker is able to spoof certain signatures via crafted signature padding. References ========= https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1494 https://words.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!