Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 515
Alerts This Week
Warning Icon 1 515

Fedora 25: FEDORA-2017-7c569d396b Critical: Pycrypto Heap Overflow Risk

fedora
Calendar Grey January 30, 2017
Scroller Fedora
A significant buffer overflow in pycryptodome permits execution of arbitrary commands. Users at risk should promptly apply updates.
A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution

Summary

PyCrypto is a collection of both secure hash functions (such as MD5 and

SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.).

Update Information:

A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution. All users of pycrypto's AES module that allow the mode of operation to be specified by an attacker, check for ECB explicitly and create the objects without specifying an IV are vulnerable to this issue. This is CVE-2013-7459.

Change Log

References


[ 1 ] Bug #1409754 - CVE-2013-7459 pycrypto: Heap-buffer overflow in ALGobject structure https://bugzilla.redhat.com/show_bug.cgi?id=1409754

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade python-crypto' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: python-crypto
Product: Fedora 25
Version: 2.6.1
Release: 13.fc25
Summary: Cryptography library for Python

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.