Описание
Security update for python-pycrypto
This update for python-pycrypto fixes the following issues:
- CVE-2013-7459: Fixed a potential heap buffer overflow in ALGnew (bsc#1017420).
python-paramiko was adjusted to work together with this python-pycrypto change. (bsc#1047666)
Список пакетов
SUSE Enterprise Storage 3
python-paramiko-1.15.2-2.3.1
python-pycrypto-2.6.1-10.3.1
SUSE Enterprise Storage 4
python-pycrypto-2.6.1-10.3.1
SUSE Linux Enterprise Module for Advanced Systems Management 12
python-pycrypto-2.6.1-10.3.1
SUSE Linux Enterprise Module for Public Cloud 12
python-paramiko-1.15.2-2.6.1
python-pycrypto-2.6.1-10.3.1
SUSE Linux Enterprise Module for Web and Scripting 12
python-pycrypto-2.6.1-10.3.1
SUSE Linux Enterprise Point of Sale 12 SP2
python-pycrypto-2.6.1-10.3.1
SUSE Manager Client Tools 12
python-pycrypto-2.6.1-10.3.1
SUSE Manager Proxy 3.0
python-pycrypto-2.6.1-10.3.1
SUSE Manager Proxy 3.1
python-pycrypto-2.6.1-10.3.1
SUSE Manager Server 3.0
python-pycrypto-2.6.1-10.3.1
SUSE Manager Server 3.1
python-pycrypto-2.6.1-10.3.1
SUSE OpenStack Cloud 6
python-paramiko-1.15.2-2.3.1
python-pycrypto-2.6.1-10.3.1
SUSE OpenStack Cloud 7
python-pycrypto-2.6.1-10.3.1
Ссылки
- Link for SUSE-SU-2017:2350-1
- E-Mail link for SUSE-SU-2017:2350-1
- SUSE Security Ratings
- SUSE Bug 1017420
- SUSE Bug 1047666
- SUSE CVE CVE-2013-7459 page
Описание
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
Затронутые продукты
SUSE Enterprise Storage 3:python-paramiko-1.15.2-2.3.1
SUSE Enterprise Storage 3:python-pycrypto-2.6.1-10.3.1
SUSE Enterprise Storage 4:python-pycrypto-2.6.1-10.3.1
SUSE Linux Enterprise Module for Advanced Systems Management 12:python-pycrypto-2.6.1-10.3.1
Ссылки
- CVE-2013-7459
- SUSE Bug 1017420
- SUSE Bug 1047666
- SUSE Bug 1087140