Peaches Posted February 28, 2009 Report Share Posted February 28, 2009 27 February 2009, 11:43Update for python-crypto library Various Linux distributors are now shipping an important update to the PyCrypto python cryptography library. Security experts had discovered a vulnerability in version 2.0.1 of the Python module that could allow for denial of service attacks, or the injection of arbitrary malicious code over the network.The PyCrypto library is widely used; for example, the Revelation password manager and glipper clipboard manager both use it, and they are both components of the GNOME desktop. BitTornado, the bittorrent client, also uses PyCrypto. The bug in the library can be found in the ARC2 module, where the length of an ARC2 key is not properly checked, allowing for a buffer overflow to occur. GNOME users should update their systems with their package management applications as soon as possible.See also:PyCrypto ARC2 Module Buffer Overflow Vulnerability, BugTraq report.(djwm) Heise Security - http://www.h-online.com/security/Update-fo...y--/news/112740 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.