Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201601-23 ========================================= Severity: Medium Date : 2016-01-25 CVE-ID : CVE-2016-1494 Package : python-rsa Type : signature forgery Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package python-rsa before version 3.3-1 is vulnerable to signature forgery. Resolution ========= Upgrade to 3.3-1. # pacman -Syu "python-rsa>=3.3-1" The problem has been fixed upstream in version 3.3. Workaround ========= None. Description ========== The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. Impact ===== A remote attacker is able to spoof certain signatures via crafted signature padding. References ========= https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1494 https://words.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/