You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa python-cryptography

Sigurnosni nedostatak programskog paketa python-cryptography

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3138-1
November 28, 2016

python-cryptography vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.10
– Ubuntu 16.04 LTS

Summary:

python-cryptography could generate incorrect keys.

Software Description:
– python-cryptography: Cryptography Python library

Details:

Markus Döring discovered that python-cryptography incorrectly handled
certain HKDF lengths. This could result in python-cryptography returning an
empty string instead of the expected derived key.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
python-cryptography 1.5-2ubuntu0.1
python3-cryptography 1.5-2ubuntu0.1

Ubuntu 16.04 LTS:
python-cryptography 1.2.3-1ubuntu0.1
python3-cryptography 1.2.3-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3138-1
CVE-2016-9243

Package Information:
https://launchpad.net/ubuntu/+source/python-cryptography/1.5-2ubuntu0.1
https://launchpad.net/ubuntu/+source/python-cryptography/1.2.3-1ubuntu0.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJYPIsFAAoJEGVp2FWnRL6TdMoP/20BbWTl79bawcUVW8o5rbWg
83fSBSN/BjMJkCiDguVdZd567Z9qACm3LxFYJufPUGcIjmkwscDqeAzoPIsTM9G8
iQPeASTGZRmzQuMNp5HOH04VZjAVZO0OTwX5o8/HHUNAEeZD4wCr8suSi5W5Veh8
qQmhE/lf1KNytn00g5Tt0gLfyg0T50mjXW3YeBcXiGbAVxK5YTUitqfDMBjszTTp
IU5EmyvLp6/E1bRG+ZuskCManckod7weT6StOqomecszt6ljr5x/1WYeRAmJqlYu
QnEQO0OAP+VjHHRWvX2LbcdPHIbvdorjewXkfQjisRxnDI2nBsE0qJ1hyRe+0i2e
d+5fiZdLCSOU+2wv0gghvOqU1ATBOP3Qfr6n/GeLY91p88m58du5arEi7UcN4rbO
uCBOvTiXqcrJlSjvC3O2WSRKEUKRX83nMh7YQCsPtzhvWkwFRNLSPERsdn9652Jt
nTPWp4D57NyFCUu94XJCANGF2farpDf2zAI6u5cCO9ekGK9MyHgN6nr09cns1Jsq
vlHFKJPJJX4xWh+cNoM6bWu3EoT5nK1Ecjh+6+fKe2TH72T9xfxC0a91kN9/D94I
ZqVehoi58u+PdEeplqHUiZGIG6pG4720EuNKnDk/MuTeyeUyrdEyOf2YxiD+ca91
DkwvkEqme9B0rZdOTgmR
=lgYx
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2016-11-0013-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Nadogradnja za mariadb

Izdana je nadogradnja za otklanjanje ranjivosti u programskom paketu mariadb za SUSE LE. Radi se o nespecificiranim ranjivostima u MySQL...

Close