---------------------------------------------------------------------- Did you know? Our assessment and impact rating along with detailed information such as exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more about our commercial solutions: http://secunia.com/advisories/business_solutions/ Click here to trial our solutions: http://secunia.com/advisories/try_vi/ ---------------------------------------------------------------------- TITLE: Debian update for python-crypto SECUNIA ADVISORY ID: SA34026 VERIFY ADVISORY: http://secunia.com/advisories/34026/ DESCRIPTION: Debian has issued an update for python-crypto. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "block_init()" function in src/ARC2.c when processing key data. This can be exploited to caused a buffer overflow by initializing ARC2 with a key longer than 128 bytes. SOLUTION: Apply updated packages. -- Debian GNU/Linux 5.0 alias lenny -- Source archives: http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0.diff.gz Size/MD5 checksum: 10119 1bcc8b9ca25adb5442612ecb08a87773 http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1.orig.tar.gz Size/MD5 checksum: 158593 f81d94a506981c67188f08057d797420 http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0.dsc Size/MD5 checksum: 1294 1f0b48e12f296ba99bfa8da9fa362cb4 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_alpha.deb Size/MD5 checksum: 627788 631e1ea5e7f73d59ab07c3986434f11f http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_alpha.deb Size/MD5 checksum: 266176 9c551d2d4a85f90f33ec715df3eeb584 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_amd64.deb Size/MD5 checksum: 572068 ef452cdbc44fa2dd5565c5a3913cf957 http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_amd64.deb Size/MD5 checksum: 245640 f79d0401a21ebde70268367435462e84 arm architecture (ARM) http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_arm.deb Size/MD5 checksum: 544928 d354bb116a8346aa92405e288bd323eb http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_arm.deb Size/MD5 checksum: 235126 55b4ef5994132145f6d17d51076d0351 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_armel.deb Size/MD5 checksum: 544874 a03c5dbbcb16b8ab554010547806fc3d http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_armel.deb Size/MD5 checksum: 230526 71356ee6ddb8be712b909aaaea1f5f48 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_i386.deb Size/MD5 checksum: 520136 d8be00fbefb8abaf7603708852014947 http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_i386.deb Size/MD5 checksum: 225730 3c36d456175771351141a5e5f9494308 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_ia64.deb Size/MD5 checksum: 339162 e7d63ed452443707c7e482d612bccb65 http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_ia64.deb Size/MD5 checksum: 669298 ee288f0fe63f2f952336f9272732579a mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_mips.deb Size/MD5 checksum: 227878 51faa12fe32052d6bd9d8f5eb2e5612d http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_mips.deb Size/MD5 checksum: 545022 7ec73b47a01bd75460a9ea8afbee8892 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_mipsel.deb Size/MD5 checksum: 226694 c47c31f8091a3759ca032211fd8f606b http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_mipsel.deb Size/MD5 checksum: 540456 ceea7cce9a95487f7d538854dbfbd0a6 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_powerpc.deb Size/MD5 checksum: 264798 ea753acccc457266739ed3e4b38dab9c http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_powerpc.deb Size/MD5 checksum: 674786 0734263a3974af01562d5c2107787eed s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_s390.deb Size/MD5 checksum: 234282 9ce5e55881a826ccaffc1ffb7bd2e60e http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_s390.deb Size/MD5 checksum: 541262 6756b41a086e615dd5bdb864e4274dae sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_sparc.deb Size/MD5 checksum: 230684 37fc20c2e65c3fe273aac05e76a72789 http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_sparc.de Size/MD5 checksum: 510644 486f3ffd9ee9385eae475580be4fba17 -- Debian GNU/Linux unstable alias sid -- Reportedly, the problem will be fixed soon. ORIGINAL ADVISORY: DSA-1726-1: http://lists.debian.org/debian-security-announce/2009/msg00035.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------