MDVSA-2009:049
- Package name
- pycrypto
- Date
- 2009-02-20
- Advisory ID
- MDVSA-2009:049
- Affected versions
- 2009.0 x86_64 , 2008.0 i586 , 2009.0 i586 , CS4.0 i586 , 2008.0 x86_64 , CS4.0 x86_64 , 2008.1 x86_64 , 2008.1 i586
Problem description
A vulnerability have been discovered and corrected in PyCrypto
ARC2 module 2.0.1, which allows remote attackers to cause a denial
of service and possibly execute arbitrary code via a large ARC2 key
length (CVE-2009-0544).
The updated packages have been patched to prevent this.
Updated packages
2009.0 x86_64
a73c8d582e79e88a3b41b146ac137c7d 2009.0/x86_64/pycrypto-2.0.1-3.1mdv2009.0.x86_64.rpm 284d315d31be7c9c4653e08b913ba380 2009.0/SRPMS/pycrypto-2.0.1-3.1mdv2009.0.src.rpm
2008.0 i586
4de11f080f4dfd01695c0627f02c4c6a 2008.0/i586/pycrypto-2.0.1-1.1mdv2008.0.i586.rpm 1cd88426fcdb24d629b0fb4ec0314ce1 2008.0/SRPMS/pycrypto-2.0.1-1.1mdv2008.0.src.rpm
2009.0 i586
88819dec46e49db09a2adec77c6e7144 2009.0/i586/pycrypto-2.0.1-3.1mdv2009.0.i586.rpm 284d315d31be7c9c4653e08b913ba380 2009.0/SRPMS/pycrypto-2.0.1-3.1mdv2009.0.src.rpm
CS4.0 i586
a1098e064ef48bbeb7c29bbb3856d20e corporate/4.0/i586/pycrypto-2.0-1.1.20060mlcs4.i586.rpm 2b36370cb7c50e2e97754835685ff5b5 corporate/4.0/SRPMS/pycrypto-2.0-1.1.20060mlcs4.src.rpm
2008.0 x86_64
90069f7c2307626f0b09ea93ce1313ab 2008.0/x86_64/pycrypto-2.0.1-1.1mdv2008.0.x86_64.rpm 1cd88426fcdb24d629b0fb4ec0314ce1 2008.0/SRPMS/pycrypto-2.0.1-1.1mdv2008.0.src.rpm
CS4.0 x86_64
7c44b73cf1fd308b015abd1e7b710972 corporate/4.0/x86_64/pycrypto-2.0-1.1.20060mlcs4.x86_64.rpm 2b36370cb7c50e2e97754835685ff5b5 corporate/4.0/SRPMS/pycrypto-2.0-1.1.20060mlcs4.src.rpm
2008.1 x86_64
512f5b30b52e9b2ab9bad3e98674bb07 2008.1/x86_64/pycrypto-2.0.1-2.1mdv2008.1.x86_64.rpm 0ec575b2b3972f9dced1b831b2c35fec 2008.1/SRPMS/pycrypto-2.0.1-2.1mdv2008.1.src.rpm
2008.1 i586
e3897524dbf402bb3b4bf3f0f778b8d5 2008.1/i586/pycrypto-2.0.1-2.1mdv2008.1.i586.rpm 0ec575b2b3972f9dced1b831b2c35fec 2008.1/SRPMS/pycrypto-2.0.1-2.1mdv2008.1.src.rpm