GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Mon Mar 09, 2009 2:26 pm Post subject: [ GLSA 200903-11 ] PyCrypto: Execution of arbitrary code |
 |
|
Gentoo Linux Security Advisory
Title: PyCrypto: Execution of arbitrary code (GLSA 200903-11)
Severity: normal
Exploitable: remote
Date: March 09, 2009
Bug(s): #258049
ID: 200903-11
Synopsis
A buffer overflow in PyCrypto might lead to the execution of arbitrary code
when decrypting using ARC2.
Background
PyCrypto is the Python Cryptography Toolkit.
Affected Packages
Package: dev-python/pycrypto
Vulnerable: < 2.0.1-r8
Unaffected: >= 2.0.1-r8
Architectures: All supported architectures
Description
Mike Wiacek of the Google Security Team reported a buffer overflow in
the ARC2 module when processing a large ARC2 key length.
Impact
A remote attacker could entice a user or automated system to decrypt an
ARC2 stream in an application using PyCrypto, possibly resulting in the
execution of arbitrary code or a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All PyCrypto users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/pycrypto-2.0.1-r8" |
References
CVE-2009-0544
Last edited by GLSA on Tue Nov 04, 2014 4:28 am; edited 6 times in total |
|
News & Announcements
