Описание
Security update for python-ecdsa
This update for python-ecdsa to version 0.13.3 fixes the following issues:
Security issues fixed:
- CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165).
- CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217).
Список пакетов
HPE Helion OpenStack 8
python-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-Azure-BYOS
python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-Azure-Basic-On-Demand
python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-Azure-HPC-BYOS
python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-Azure-HPC-On-Demand
python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-Azure-SAP-BYOS
python-ecdsa-0.13.3-5.10.1
python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-Azure-SAP-On-Demand
python-ecdsa-0.13.3-5.10.1
python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-Azure-Standard-On-Demand
python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-EC2-BYOS
python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-EC2-ECS-On-Demand
python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-EC2-On-Demand
python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-EC2-SAP-BYOS
python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-EC2-SAP-On-Demand
python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-OCI-BYOS-BYOS
python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
python3-ecdsa-0.13.3-5.10.1
SUSE Linux Enterprise Module for Public Cloud 12
python-ecdsa-0.13.3-5.10.1
python3-ecdsa-0.13.3-5.10.1
SUSE Manager Server 3.2
python-ecdsa-0.13.3-5.10.1
SUSE OpenStack Cloud 7
python-ecdsa-0.13.3-5.10.1
SUSE OpenStack Cloud 8
python-ecdsa-0.13.3-5.10.1
SUSE OpenStack Cloud 9
python-ecdsa-0.13.3-5.10.1
SUSE OpenStack Cloud Crowbar 8
python-ecdsa-0.13.3-5.10.1
SUSE OpenStack Cloud Crowbar 9
python-ecdsa-0.13.3-5.10.1
Ссылки
- Link for SUSE-SU-2019:3024-1
- E-Mail link for SUSE-SU-2019:3024-1
- SUSE Security Ratings
- SUSE Bug 1153165
- SUSE Bug 1154217
- SUSE CVE CVE-2019-14853 page
- SUSE CVE CVE-2019-14859 page
Описание
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.
Затронутые продукты
HPE Helion OpenStack 8:python-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-Azure-BYOS:python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-Azure-Basic-On-Demand:python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-Azure-HPC-BYOS:python3-ecdsa-0.13.3-5.10.1
Ссылки
- CVE-2019-14853
- SUSE Bug 1153165
Описание
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
Затронутые продукты
HPE Helion OpenStack 8:python-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-Azure-BYOS:python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-Azure-Basic-On-Demand:python3-ecdsa-0.13.3-5.10.1
Image SLES12-SP5-Azure-HPC-BYOS:python3-ecdsa-0.13.3-5.10.1
Ссылки
- CVE-2019-14859
- SUSE Bug 1154217