[USN-729-1] Python Crypto vulnerability


Date: Thu, 5 Mar 2009 15:38:36 -0800
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-729-1] Python Crypto vulnerability
Message-ID: <20090305233836.GQ10132@outflux.net.>
Organization: Ubuntu

Ubuntu Security Notice USN-729-1
March 05, 2009
python-crypto vulnerability
CVE-2009-0544

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  python2.4-crypto                2.0.1+dfsg1-1ubuntu1.1

Ubuntu 7.10:
  python-crypto                   2.0.1+dfsg1-2ubuntu1.1

Ubuntu 8.04 LTS:
  python-crypto                   2.0.1+dfsg1-2.1ubuntu1.1

Ubuntu 8.10:
  python-crypto                   2.0.1+dfsg1-2.3ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Mike Wiacek discovered that the ARC2 implementation in Python Crypto
did not correctly check the key length. If a user or automated system
were tricked into processing a malicious ARC2 stream, a remote attacker
could execute arbitrary code or crash the application using Python
Crypto, leading to a denial of service.
