Описание
Security update for python-rsa
This update for python-rsa fixes the following issues:
- CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext (bsc#1172389)
Список пакетов
Image SLES12-SP4-EC2-HVM-BYOS
python-rsa-3.1.4-12.16.1
Image SLES12-SP4-SAP-EC2-HVM
python-rsa-3.1.4-12.16.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
python-rsa-3.1.4-12.16.1
Image SLES12-SP5-EC2-BYOS
python-rsa-3.1.4-12.16.1
Image SLES12-SP5-EC2-ECS-On-Demand
python-rsa-3.1.4-12.16.1
Image SLES12-SP5-EC2-On-Demand
python-rsa-3.1.4-12.16.1
Image SLES12-SP5-EC2-SAP-BYOS
python-rsa-3.1.4-12.16.1
Image SLES12-SP5-EC2-SAP-On-Demand
python-rsa-3.1.4-12.16.1
Image SLES12-SP5-GCE-SAP-BYOS
python-rsa-3.1.4-12.16.1
Image SLES12-SP5-GCE-SAP-On-Demand
python-rsa-3.1.4-12.16.1
SUSE Linux Enterprise Module for Public Cloud 12
python-rsa-3.1.4-12.16.1
SUSE OpenStack Cloud 7
python-rsa-3.1.4-12.16.1
Ссылки
- Link for SUSE-SU-2021:2237-1
- E-Mail link for SUSE-SU-2021:2237-1
- SUSE Security Ratings
- SUSE Bug 1172389
- SUSE CVE CVE-2020-13757 page
Описание
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
Затронутые продукты
Image SLES12-SP4-EC2-HVM-BYOS:python-rsa-3.1.4-12.16.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS:python-rsa-3.1.4-12.16.1
Image SLES12-SP4-SAP-EC2-HVM:python-rsa-3.1.4-12.16.1
Image SLES12-SP5-EC2-BYOS:python-rsa-3.1.4-12.16.1
Ссылки
- CVE-2020-13757
- SUSE Bug 1172389