|
|
Subscribe / Log in / New account

Mageia alert MGASA-2016-0011 (python-rsa)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2016-0011: Updated python-rsa packages fix security vulnerability 


Date:
    	      Tue, 12 Jan 2016 10:14:31 +0100


Message-ID:
    	      <20160112091431.E2F0721C102@valstar.mageia.org>


MGASA-2016-0011 - Updated python-rsa packages fix security vulnerability

Publication date: 12 Jan 2016
URL: http://advisories.mageia.org/MGASA-2016-0011.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-1494

Description:
A signature forgery vulnerability in python-rsa allows an attacker to fake
signatures for arbitrary messages for any key with a low exponent "e",
such as the common value of 3 (CVE-2016-1494).

References:
- https://bugs.mageia.org/show_bug.cgi?id=17451
- https://blog.filippo.io/bleichenbacher-06-signature-forge...
- http://openwall.com/lists/oss-security/2016/01/05/3
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1494

SRPMS:
- 5/core/python-rsa-3.1.4-6.1.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds