Sponsored By

Sign in to follow this  

Update For Python-crypto Library

Recommended Posts

27 February 2009, 11:43

Update for python-crypto library

Various Linux distributors are now shipping an important update to the PyCrypto python cryptography library. Security experts had discovered a vulnerability in version 2.0.1 of the Python module that could allow for denial of service attacks, or the injection of arbitrary malicious code over the network.

The PyCrypto library is widely used; for example, the Revelation password manager and glipper clipboard manager both use it, and they are both components of the GNOME desktop. BitTornado, the bittorrent client, also uses PyCrypto. The bug in the library can be found in the ARC2 module, where the length of an ARC2 key is not properly checked, allowing for a buffer overflow to occur. GNOME users should update their systems with their package management applications as soon as possible.

See also:

PyCrypto ARC2 Module Buffer Overflow Vulnerability, BugTraq report.


Heise Security - http://www.h-online.com/security/Update-fo...y--/news/112740

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this