Explore top 10 tips to secure your open-source projects now. Read More
×
Programs using the Python Cryptography Toolkit could be made to crash or run
programs if they receive specially crafted network traffic or other input.
Software Description:
- python-crypto: cryptographic algorithms and protocols for Python
Details:
It was discovered that the ALGnew function in block_templace.c in the Python
Cryptography Toolkit contained a heap-based buffer overflow vulnerability.
A remote attacker could use this flaw to execute arbitrary code by using
a crafted initialization vector parameter.
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: python-crypto 2.6.1-6ubuntu0.16.10.2 python3-crypto 2.6.1-6ubuntu0.16.10.2 Ubuntu 16.04 LTS: python-crypto 2.6.1-6ubuntu0.16.04.1 python3-crypto 2.6.1-6ubuntu0.16.04.1 Ubuntu 14.04 LTS: python-crypto 2.6.1-4ubuntu0.1 python3-crypto 2.6.1-4ubuntu0.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-3199-1
CVE-2013-7459
Get the latest Linux and open source security news straight to your inbox.