A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution. All users of pycrypto's AES module that allow the mode of operation to be specified by an attacker, check for ECB explicitly and create the objects without specifying an IV are vulnerable to this issue.
This is CVE-2013-7459.
sudo dnf upgrade --refresh --advisory=FEDORA-2017-08207fe48b
Please login to add feedback.
This update has been submitted for testing by pghmcfc.
This update has been pushed to testing.
no regressions noted
Works for me
This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.
This update has been submitted for stable by pghmcfc.
This update has been pushed to stable.