Описание
Security update for python-ecdsa
This update for python-ecdsa to version 0.13.3 fixes the following issues:
Security issues fixed:
- CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165).
- CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
Ссылки
- E-Mail link for openSUSE-SU-2019:2474-1
- SUSE Security Ratings
- SUSE Bug 1153165
- SUSE Bug 1154217
- SUSE CVE CVE-2019-14853 page
- SUSE CVE CVE-2019-14859 page
Описание
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.
Затронутые продукты
Ссылки
- CVE-2019-14853
- SUSE Bug 1153165
Описание
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
Затронутые продукты
Ссылки
- CVE-2019-14859
- SUSE Bug 1154217