rss-bot
March 5th, 2009, 07:40 PM
Referenced CVEs:
CVE-2009-0544
Description:
================================================== ========= Ubuntu Security Notice USN-729-1 March 05, 2009 python-crypto vulnerability CVE-2009-0544 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: python2.4-crypto 2.0.1+dfsg1-1ubuntu1.1 Ubuntu 7.10: python-crypto 2.0.1+dfsg1-2ubuntu1.1 Ubuntu 8.04 LTS: python-crypto 2.0.1+dfsg1-2.1ubuntu1.1 Ubuntu 8.10: python-crypto 2.0.1+dfsg1-2.3ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Mike Wiacek discovered that the ARC2 implementation in Python Crypto did not correctly check the key length. If a user or automated system were tricked into processing a malicious ARC2 stream, a remote attacker could execute arbitrary code or crash the application using Python Crypto, leading to a denial of service.
More... (http://www.ubuntu.com/usn/usn-729-1)
CVE-2009-0544
Description:
================================================== ========= Ubuntu Security Notice USN-729-1 March 05, 2009 python-crypto vulnerability CVE-2009-0544 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: python2.4-crypto 2.0.1+dfsg1-1ubuntu1.1 Ubuntu 7.10: python-crypto 2.0.1+dfsg1-2ubuntu1.1 Ubuntu 8.04 LTS: python-crypto 2.0.1+dfsg1-2.1ubuntu1.1 Ubuntu 8.10: python-crypto 2.0.1+dfsg1-2.3ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Mike Wiacek discovered that the ARC2 implementation in Python Crypto did not correctly check the key length. If a user or automated system were tricked into processing a malicious ARC2 stream, a remote attacker could execute arbitrary code or crash the application using Python Crypto, leading to a denial of service.
More... (http://www.ubuntu.com/usn/usn-729-1)