Paketname
pycrypto
Datum
2009-02-20
Advisory ID
MDVSA-2009:049
Betroffene Versionen
2009.0 x86_64 , 2008.0 i586 , 2009.0 i586 , CS4.0 i586 , 2008.0 x86_64 , CS4.0 x86_64 , 2008.1 x86_64 , 2008.1 i586

Problembeschreibung

A vulnerability have been discovered and corrected in PyCrypto
ARC2 module 2.0.1, which allows remote attackers to cause a denial
of service and possibly execute arbitrary code via a large ARC2 key
length (CVE-2009-0544).

The updated packages have been patched to prevent this.

Aktualisierte Pakete

2009.0 x86_64

 a73c8d582e79e88a3b41b146ac137c7d  2009.0/x86_64/pycrypto-2.0.1-3.1mdv2009.0.x86_64.rpm 
 284d315d31be7c9c4653e08b913ba380  2009.0/SRPMS/pycrypto-2.0.1-3.1mdv2009.0.src.rpm

2008.0 i586

 4de11f080f4dfd01695c0627f02c4c6a  2008.0/i586/pycrypto-2.0.1-1.1mdv2008.0.i586.rpm 
 1cd88426fcdb24d629b0fb4ec0314ce1  2008.0/SRPMS/pycrypto-2.0.1-1.1mdv2008.0.src.rpm

2009.0 i586

 88819dec46e49db09a2adec77c6e7144  2009.0/i586/pycrypto-2.0.1-3.1mdv2009.0.i586.rpm 
 284d315d31be7c9c4653e08b913ba380  2009.0/SRPMS/pycrypto-2.0.1-3.1mdv2009.0.src.rpm

CS4.0 i586

 a1098e064ef48bbeb7c29bbb3856d20e  corporate/4.0/i586/pycrypto-2.0-1.1.20060mlcs4.i586.rpm 
 2b36370cb7c50e2e97754835685ff5b5  corporate/4.0/SRPMS/pycrypto-2.0-1.1.20060mlcs4.src.rpm

2008.0 x86_64

 90069f7c2307626f0b09ea93ce1313ab  2008.0/x86_64/pycrypto-2.0.1-1.1mdv2008.0.x86_64.rpm 
 1cd88426fcdb24d629b0fb4ec0314ce1  2008.0/SRPMS/pycrypto-2.0.1-1.1mdv2008.0.src.rpm

CS4.0 x86_64

 7c44b73cf1fd308b015abd1e7b710972  corporate/4.0/x86_64/pycrypto-2.0-1.1.20060mlcs4.x86_64.rpm 
 2b36370cb7c50e2e97754835685ff5b5  corporate/4.0/SRPMS/pycrypto-2.0-1.1.20060mlcs4.src.rpm

2008.1 x86_64

 512f5b30b52e9b2ab9bad3e98674bb07  2008.1/x86_64/pycrypto-2.0.1-2.1mdv2008.1.x86_64.rpm 
 0ec575b2b3972f9dced1b831b2c35fec  2008.1/SRPMS/pycrypto-2.0.1-2.1mdv2008.1.src.rpm

2008.1 i586

 e3897524dbf402bb3b4bf3f0f778b8d5  2008.1/i586/pycrypto-2.0.1-2.1mdv2008.1.i586.rpm 
 0ec575b2b3972f9dced1b831b2c35fec  2008.1/SRPMS/pycrypto-2.0.1-2.1mdv2008.1.src.rpm

Referenzen