Package name
pycrypto
Date
2009-02-23
Advisory ID
MDVSA-2009:049-1
Affected versions
2009.0 x86_64 , 2008.0 i586 , 2009.0 i586 , CS4.0 i586 , 2008.0 x86_64 , CS4.0 x86_64 , 2008.1 x86_64 , 2008.1 i586

Problem description

A vulnerability have been discovered and corrected in PyCrypto
ARC2 module 2.0.1, which allows remote attackers to cause a denial
of service and possibly execute arbitrary code via a large ARC2 key
length (CVE-2009-0544).

The updated packages have been patched to prevent this.

Update:

The previous update package was not signed.

Updated packages

2009.0 x86_64

 a9c40ff85f100eb526b0f0ae32f00847  2009.0/x86_64/pycrypto-2.0.1-3.2mdv2009.0.x86_64.rpm 
 e62c0d3f5a3876e3b133f24e999ef43d  2009.0/SRPMS/pycrypto-2.0.1-3.2mdv2009.0.src.rpm

2008.0 i586

 f31a0d508eafe731128deb0122796f94  2008.0/i586/pycrypto-2.0.1-1.2mdv2008.0.i586.rpm 
 a68bc35174eb2087b91e96c21c78be75  2008.0/SRPMS/pycrypto-2.0.1-1.2mdv2008.0.src.rpm

2009.0 i586

 b2336808c78f3fdd09f60897d0d35205  2009.0/i586/pycrypto-2.0.1-3.2mdv2009.0.i586.rpm 
 e62c0d3f5a3876e3b133f24e999ef43d  2009.0/SRPMS/pycrypto-2.0.1-3.2mdv2009.0.src.rpm

CS4.0 i586

 3b74a2633ca5b9375e56b28aad74f4c4  corporate/4.0/i586/pycrypto-2.0-1.2.20060mlcs4.i586.rpm 
 ace401a029dbba1943e9549ddcd00964  corporate/4.0/SRPMS/pycrypto-2.0-1.2.20060mlcs4.src.rpm

2008.0 x86_64

 39b1f6c3a2a4ab36884bc881550a9579  2008.0/x86_64/pycrypto-2.0.1-1.2mdv2008.0.x86_64.rpm 
 a68bc35174eb2087b91e96c21c78be75  2008.0/SRPMS/pycrypto-2.0.1-1.2mdv2008.0.src.rpm

CS4.0 x86_64

 ab3d0ef979d7812c7f8aeccf349e4c63  corporate/4.0/x86_64/pycrypto-2.0-1.2.20060mlcs4.x86_64.rpm 
 ace401a029dbba1943e9549ddcd00964  corporate/4.0/SRPMS/pycrypto-2.0-1.2.20060mlcs4.src.rpm

2008.1 x86_64

 92a147879e470d2b012e8cda9580eac0  2008.1/x86_64/pycrypto-2.0.1-2.2mdv2008.1.x86_64.rpm 
 5fc3117ec78f4cdbc0fb7231bd1cc28e  2008.1/SRPMS/pycrypto-2.0.1-2.2mdv2008.1.src.rpm

2008.1 i586

 73f70b1c20aca5d03c631f70afaa6e47  2008.1/i586/pycrypto-2.0.1-2.2mdv2008.1.i586.rpm 
 5fc3117ec78f4cdbc0fb7231bd1cc28e  2008.1/SRPMS/pycrypto-2.0.1-2.2mdv2008.1.src.rpm

References