Support / Security / Advisories / Mandriva Linux 2009.0 / MDVSA-2009:050

Package name: python-pycrypto
Date: 2009-02-20
Advisory ID: MDVSA-2009:050
Affected versions: 2009.0 x86_64 , 2009.0 i586

Problem description

A vulnerability have been discovered and corrected in PyCrypto
ARC2 module 2.0.1, which allows remote attackers to cause a denial
of service and possibly execute arbitrary code via a large ARC2 key
length (CVE-2009-0544).

The updated packages have been patched to prevent this.

Updated packages

2009.0 x86_64

 b5ccb51f68d70b10f93aca1785e8b90d  2009.0/x86_64/python-pycrypto-2.0.1-4.1mdv2009.0.x86_64.rpm 
 469e8ca8ca83ab6a8e6a7a678fd2d197  2009.0/SRPMS/python-pycrypto-2.0.1-4.1mdv2009.0.src.rpm

2009.0 i586

 408f60e091c28ab304bed71fd4fb31e6  2009.0/i586/python-pycrypto-2.0.1-4.1mdv2009.0.i586.rpm 
 469e8ca8ca83ab6a8e6a7a678fd2d197  2009.0/SRPMS/python-pycrypto-2.0.1-4.1mdv2009.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0544