Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Fedora 24: Critical Heap Problem in FEDORA-2017-08207fe48b Alert

fedora
Calendar Grey January 30, 2017
Scroller Fedora
Buffer overflow in Crypto library exposes users using ECB mode, necessitating immediate patching to prevent unauthorized code execution.
A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution

Summary

PyCrypto is a collection of both secure hash functions (such as MD5 and

SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.).

Update Information:

A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution. All users of pycrypto's AES module that allow the mode of operation to be specified by an attacker, check for ECB explicitly and create the objects without specifying an IV are vulnerable to this issue. This is CVE-2013-7459.

Change Log

References


[ 1 ] Bug #1409754 - CVE-2013-7459 pycrypto: Heap-buffer overflow in ALGobject structure https://bugzilla.redhat.com/show_bug.cgi?id=1409754

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade python-crypto' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: python-crypto
Product: Fedora 24
Version: 2.6.1
Release: 13.fc24
Summary: Cryptography library for Python

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.