Описание
Security update for python-ecdsa
This update for python-ecdsa to version 0.13.3 fixes the following issues:
Security issues fixed:
- CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165).
- CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217).
Список пакетов
Container caasp/v4/k8s-sidecar:0.1.75
python3-ecdsa-0.13.3-3.3.1
Container ses/6/cephcsi/cephcsi:latest
python3-ecdsa-0.13.3-3.3.1
Container ses/6/rook/ceph:latest
python3-ecdsa-0.13.3-3.3.1
Container ses/7/ceph/ceph:latest
python3-ecdsa-0.13.3-3.3.1
Container ses/7/cephcsi/cephcsi:latest
python3-ecdsa-0.13.3-3.3.1
Container ses/7/rook/ceph:latest
python3-ecdsa-0.13.3-3.3.1
Image SLES15-SP3-EC2-ECS-HVM
python3-ecdsa-0.13.3-3.3.1
Image SLES15-SP3-EC2-HVM
python3-ecdsa-0.13.3-3.3.1
Image SLES15-SP3-HPC-Azure
python3-ecdsa-0.13.3-3.3.1
Image SLES15-SP3-SAP-Azure
python3-ecdsa-0.13.3-3.3.1
Image SLES15-SP3-SAP-EC2-HVM
python3-ecdsa-0.13.3-3.3.1
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2-HVM
python3-ecdsa-0.13.3-3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
python3-ecdsa-0.13.3-3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP1
python2-ecdsa-0.13.3-3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP2
python2-ecdsa-0.13.3-3.3.1
Ссылки
- Link for SUSE-SU-2019:2891-2
- E-Mail link for SUSE-SU-2019:2891-2
- SUSE Security Ratings
- SUSE Bug 1153165
- SUSE Bug 1154217
- SUSE CVE CVE-2019-14853 page
- SUSE CVE CVE-2019-14859 page
Описание
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.
Затронутые продукты
Container caasp/v4/k8s-sidecar:0.1.75:python3-ecdsa-0.13.3-3.3.1
Container ses/6/cephcsi/cephcsi:latest:python3-ecdsa-0.13.3-3.3.1
Container ses/6/rook/ceph:latest:python3-ecdsa-0.13.3-3.3.1
Container ses/7/ceph/ceph:latest:python3-ecdsa-0.13.3-3.3.1
Ссылки
- CVE-2019-14853
- SUSE Bug 1153165
Описание
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
Затронутые продукты
Container caasp/v4/k8s-sidecar:0.1.75:python3-ecdsa-0.13.3-3.3.1
Container ses/6/cephcsi/cephcsi:latest:python3-ecdsa-0.13.3-3.3.1
Container ses/6/rook/ceph:latest:python3-ecdsa-0.13.3-3.3.1
Container ses/7/ceph/ceph:latest:python3-ecdsa-0.13.3-3.3.1
Ссылки
- CVE-2019-14859
- SUSE Bug 1154217