Mageia: 2020-0002 Denial Of Service in python-ecdsa Security Advisory
mageia
January 5, 2020
Updated python-ecdsa packages fix security vulnerabilities: It was discovered that python-ecdsa incorrectly handled certain signatures
Summary
Updated python-ecdsa packages fix security vulnerabilities:
It was discovered that python-ecdsa incorrectly handled certain signatures.
A remote attacker could possibly use this issue to cause python-ecdsa to
generate unexpected exceptions, resulting in a denial of service
(CVE-2019-14853).
It was discovered that python-ecdsa incorrectly verified DER encoding in
signatures. A remote attacker could use this issue to perform certain
malleability attacks (CVE-2019-14859).
References
- https://bugs.mageia.org/show_bug.cgi?id=25729
- https://ubuntu.com/security/notices/USN-4196-1
- https://www.cve.org/CVERecord?id=CVE-2019-14853
- https://www.cve.org/CVERecord?id=CVE-2019-14859
Resolution
SRPMS
- 7/core/python-ecdsa-0.13.3-1.mga7
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 05 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0002.html
Type: security
CVE: CVE-2019-14853,
CVE-2019-14859
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!