
Ubuntu 19.10: 4196-1 Moderate: Python-Ecdsa Denial Of Service

November 18, 2019

Summary

Several security issues were fixed in python-ecdsa.

Software Description:

- python-ecdsa: ECDSA cryptographic signature library

Details:

It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service. (CVE-2019-14853)

It was discovered that python-ecdsa incorrectly verified DER encoding in signatures. A remote attacker could use this issue to perform certain malleability attacks. (CVE-2019-14859)
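
The advisory does not say which encoding rule was at fault. As an added illustration of both issues (not python-ecdsa's code, and not the Ubuntu patch), the sketch below parses an ECDSA `SEQUENCE { INTEGER r, INTEGER s }` strictly, so that each `(r, s)` has exactly one accepted byte encoding and every malformed input surfaces as one predictable exception type. The names `BadSignature` and `parse_der_signature` are hypothetical, and the sample byte strings are constructed.

```python
class BadSignature(ValueError):
    """Single error type for any malformed signature (hypothetical name)."""

def _read_len(buf, pos):
    """Read a minimal DER length at buf[pos]; return (length, next_pos)."""
    if pos >= len(buf):
        raise BadSignature("truncated length")
    first = buf[pos]
    if first < 0x80:  # short form, 0..127
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 2 or pos + 1 + n > len(buf):
        raise BadSignature("indefinite, oversized or truncated length")
    value = int.from_bytes(buf[pos + 1:pos + 1 + n], "big")
    if value < 0x80 or buf[pos + 1] == 0:  # long form only when needed
        raise BadSignature("non-minimal length encoding")
    return value, pos + 1 + n

def _read_int(buf, pos):
    """Read a non-negative, minimally encoded INTEGER; return (value, next_pos)."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise BadSignature("expected INTEGER")
    length, pos = _read_len(buf, pos + 1)
    body = buf[pos:pos + length]
    if length == 0 or len(body) != length:
        raise BadSignature("empty or truncated INTEGER")
    if body[0] & 0x80:
        raise BadSignature("negative INTEGER")
    if length > 1 and body[0] == 0 and not body[1] & 0x80:
        raise BadSignature("non-minimal INTEGER (needless leading zero)")
    return int.from_bytes(body, "big"), pos + length

def parse_der_signature(sig):
    """Return (r, s) from strictly DER-encoded bytes, else raise BadSignature."""
    if not sig or sig[0] != 0x30:
        raise BadSignature("expected SEQUENCE")
    length, pos = _read_len(sig, 1)
    if pos + length != len(sig):
        raise BadSignature("trailing or missing bytes")
    r, pos = _read_int(sig, pos)
    s, pos = _read_int(sig, pos)
    if pos != len(sig):
        raise BadSignature("extra data inside SEQUENCE")
    return r, s

# Constructed samples: (r, s) = (1, 2) in canonical and two non-canonical forms.
CANONICAL = bytes.fromhex("3006020101020102")
PADDED_INT = bytes.fromhex("300702020001020102")   # r carries a needless 00
LONG_LENGTH = bytes.fromhex("308106020101020102")  # length 6 in long form
```

A lenient decoder would map all three samples to the same `(r, s)`, which is what makes a signature malleable at the encoding level; callers that catch only `BadSignature` also avoid being crashed by stray `IndexError` or `TypeError` on hostile input.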

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  python-ecdsa                    0.13.2-2ubuntu0.1
  python3-ecdsa                   0.13.2-2ubuntu0.1

Ubuntu 19.04:
  python-ecdsa                    0.13-3ubuntu0.1
  python3-ecdsa                   0.13-3ubuntu0.1

Ubuntu 18.04 LTS:
  python-ecdsa                    0.13-2ubuntu0.18.04.1
  python3-ecdsa                   0.13-2ubuntu0.18.04.1

Ubuntu 16.04 LTS:
  python-ecdsa                    0.13-2ubuntu0.16.04.1
  python3-ecdsa                   0.13-2ubuntu0.16.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4196-1

CVE-2019-14853, CVE-2019-14859

Severity
important