Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 596
Alerts This Week
Warning Icon 1 596

Ubuntu 16.04/16.10 USN-3199-2 Moderate: Python Crypto Regression

ubuntu
Calendar Grey February 17, 2017
Dist Ubuntu Esm H88
Follow these steps to fix the Python Crypto regression issue on Ubuntu 16.04/16.10 while retaining necessary security updates and functionality
USN-3199-1 introduced a regression in the Python Cryptography Toolkit which caused programs which relied on the original behavior to fail.

Summary

USN-3199-1 introduced a regression in the Python Cryptography Toolkit which

caused programs which relied on the original behavior to fail.

Software Description:

- python-crypto: cryptographic algorithms and protocols for Python

Details:

USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit.

Unfortunately, various programs depended on the original behavior of the Python

Cryptography Toolkit which was altered when fixing the vulnerability. This

update retains the fix for the vulnerability but issues a warning rather than

throwing an exception. Code which produces this warning should be updated

because future versions of the Python Cryptography Toolkit re-introduce the

exception.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that the ALGnew function in block_template.c in the Python

 Cryptography Toolkit contained a heap-based buffer overflow vulnerability.

 A remote attacker could use this flaw to execu...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  python-crypto                   2.6.1-6ubuntu0.16.10.3
  python3-crypto                  2.6.1-6ubuntu0.16.10.3

Ubuntu 16.04 LTS:
  python-crypto                   2.6.1-6ubuntu0.16.04.2
  python3-crypto                  2.6.1-6ubuntu0.16.04.2

Ubuntu 14.04 LTS:
  python-crypto                   2.6.1-4ubuntu0.2
  python3-crypto                  2.6.1-4ubuntu0.2

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-3199-2

  https://ubuntu.com/security/notices/USN-3199-1

  CVE-2013-7459

February 17, 2017

Package Information

  https://launchpad.net/ubuntu/+source/python-crypto/2.6.1-6ubuntu0.16.10.3
  https://launchpad.net/ubuntu/+source/python-crypto/2.6.1-6ubuntu0.16.04.2
  https://launchpad.net/ubuntu/+source/python-crypto/2.6.1-4ubuntu0.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.