Explore top 10 tips to secure your open-source projects now. Read More
×PyCrypto is a collection of both secure hash functions (such as MD5 and
SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.).
Update Information:
A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution. All users of pycrypto's AES module that allow the mode of operation to be specified by an attacker, check for ECB explicitly and create the objects without specifying an IV are vulnerable to this issue. This is CVE-2013-7459.
[ 1 ] Bug #1409754 - CVE-2013-7459 pycrypto: Heap-buffer overflow in ALGobject structure
https://bugzilla.redhat.com/show_bug.cgi?id=1409754
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade python-crypto' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
Get the latest Linux and open source security news straight to your inbox.