FEDORA-2017-08207fe48b created by pghmcfc 3 years ago for Fedora 24
stable

A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution. All users of pycrypto's AES module that allow the mode of operation to be specified by an attacker, check for ECB explicitly and create the objects without specifying an IV are vulnerable to this issue.

This is CVE-2013-7459.

How to install

sudo dnf upgrade --advisory=FEDORA-2017-08207fe48b

This update has been submitted for testing by pghmcfc.

3 years ago

This update has been pushed to testing.

3 years ago
User Icon filiperosset commented & provided feedback 3 years ago
karma

no regressions noted

User Icon chr77 commented & provided feedback 3 years ago
karma

Works for me

User Icon samoht0 commented & provided feedback 3 years ago
karma

LGTM

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

3 years ago

This update has been submitted for stable by pghmcfc.

3 years ago

This update has been pushed to stable.

3 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-1
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
BZ#1409754 CVE-2013-7459 pycrypto: Heap-buffer overflow in ALGobject structure
0
0

Automated Test Results