Ubuntu Security Notice 3199-2 - USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather than throwing an exception. Code which produces this warning should be updated because future versions of the Python Cryptography Toolkit re-introduce the exception. Various other issues were also addressed.
ffdcb4098907eacbe478078964c23d7b8fe357a3fb8a5cf606b1d9935d33f913
===========================================================================
Ubuntu Security Notice USN-3199-2
February 17, 2017
Python Crypto regression
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
USN-3199-1 introduced a regression in the Python Cryptography Toolkit which
caused programs which relied on the original behavior to fail.
Software Description:
- python-crypto: cryptographic algorithms and protocols for Python
Details:
USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit.
Unfortunately, various programs depended on the original behavior of the Python
Cryptography Toolkit which was altered when fixing the vulnerability. This
update retains the fix for the vulnerability but issues a warning rather than
throwing an exception. Code which produces this warning should be updated
because future versions of the Python Cryptography Toolkit re-introduce the
exception.
We apologize for the inconvenience.
Original advisory details:
=C2=A0It was discovered that the ALGnew function in block_template.c in the Python
=C2=A0Cryptography Toolkit contained a heap-based buffer overflow vulnerability.
=C2=A0A remote attacker could use this flaw to execute arbitrary code by using
=C2=A0a crafted initialization vector parameter.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
=C2=A0 python-crypto=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A02.6.1-6ubuntu0.16.10.3
=C2=A0 python3-crypto=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A02.6.1-6ubuntu0.16.10.3
Ubuntu 16.04 LTS:
=C2=A0 python-crypto=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A02.6.1-6ubuntu0.16.04.2
=C2=A0 python3-crypto=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A02.6.1-6ubuntu0.16.04.2
Ubuntu 14.04 LTS:
=C2=A0 python-crypto=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A02.6.1-4ubuntu0.2
=C2=A0 python3-crypto=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A02.6.1-4ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
=C2=A0 http://www.ubuntu.com/usn/usn-3199-2
=C2=A0 http://www.ubuntu.com/usn/usn-3199-1
=C2=A0 CVE-2013-7459
Package Information:
=C2=A0 https://launchpad.net/ubuntu/+source/python-crypto/2.6.1-6ubuntu0.16.10.3
=C2=A0 https://launchpad.net/ubuntu/+source/python-crypto/2.6.1-6ubuntu0.16.04.2
=C2=A0 https://launchpad.net/ubuntu/+source/python-crypto/2.6.1-4ubuntu0.2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed