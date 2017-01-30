Name : python-crypto

Product : Fedora 25

Version : 2.6.1

Release : 13.fc25

URL : http://www.pycrypto.org/

Summary : Cryptography library for Python

Description :

PyCrypto is a collection of both secure hash functions (such as MD5 and

SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.).



Update Information:



A heap-buffer overflow vulnerability was discovered in pycrypto leading to

arbitrary code execution. All users of pycrypto's AES module that allow the

mode

of operation to be specified by an attacker, check for ECB explicitly and

create

the objects without specifying an IV are vulnerable to this issue. This is

CVE-2013-7459.

References:



[ 1 ] Bug #1409754 - CVE-2013-7459 pycrypto: Heap-buffer overflow in

ALGobject structure

https://bugzilla.redhat.com/show_bug.cgi?id=1409754

This update can be installed with the "dnf" update program. Use

su -c 'dnf upgrade python-crypto' at the command line.

For more information, refer to the dnf documentation available at

http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label



All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/keys

