A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution. All users of pycrypto's AES module that allow the mode of operation to be specified by an attacker, check for ECB explicitly and create the objects without specifying an IV are vulnerable to this issue.
This is CVE-2013-7459.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2017-7c569d396b
Please login to add feedback.