Update For Python-crypto Library

Recommended Posts

27 February 2009, 11:43

Update for python-crypto library

Various Linux distributors are now shipping an important update to the PyCrypto python cryptography library. Security experts had discovered a vulnerability in version 2.0.1 of the Python module that could allow for denial of service attacks, or the injection of arbitrary malicious code over the network.

The PyCrypto library is widely used; for example, the Revelation password manager and glipper clipboard manager both use it, and they are both components of the GNOME desktop. BitTornado, the bittorrent client, also uses PyCrypto. The bug in the library can be found in the ARC2 module, where the length of an ARC2 key is not properly checked, allowing for a buffer overflow to occur. GNOME users should update their systems with their package management applications as soon as possible.

See also:

PyCrypto ARC2 Module Buffer Overflow Vulnerability, BugTraq report.


Heise Security - http://www.h-online.com/security/Update-fo...y--/news/112740

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.