Debian: DSA-1726-1: New python-crypto packages fix denial of service

    Date: 25 Feb 2009
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Mike Wiacek discovered that a buffer overflow in the ARC2 implementation of Python Crypto, a collection of cryptographic algorithms and protocols for Python, allows denial of service and potentially the execution of arbitrary code.
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1726-1
    http://www.debian.org/security/                       Moritz Muehlenhoff
    February 25, 2009                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : python-crypto
    Vulnerability  : buffer overflow
    Problem type   : local(remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2009-0544
    
    Mike Wiacek discovered that a buffer overflow in the ARC2 implementation
    of Python Crypto, a collection of cryptographic algorithms and protocols
    for Python, allows denial of service and potentially the execution of
    arbitrary code.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 2.0.1+dfsg1-2.3+lenny0.
    
    Due to a technical limitation in the Debian archive management scripts
    the update for the old stable distribution (etch) cannot be released
    synchronously. It will be fixed in version 2.0.1+dfsg1-1.2+etch0 soon.
    
    For the unstable distribution (sid), this problem will be fixed soon.
    
    We recommend that you upgrade your python-crypto package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    