You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa python-ecdsa

Sigurnosni nedostaci programskog paketa python-ecdsa

==========================================================================
Ubuntu Security Notice USN-4196-1
November 18, 2019

python-ecdsa vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in python-ecdsa.

Software Description:
– python-ecdsa: ECDSA cryptographic signature library

Details:

It was discovered that python-ecdsa incorrectly handled certain signatures.
A remote attacker could possibly use this issue to cause python-ecdsa to
generate unexpected exceptions, resulting in a denial of service.
(CVE-2019-14853)

It was discovered that python-ecdsa incorrectly verified DER encoding in
signatures. A remote attacker could use this issue to perform certain
malleability attacks. (CVE-2019-14859)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
python-ecdsa 0.13.2-2ubuntu0.1
python3-ecdsa 0.13.2-2ubuntu0.1

Ubuntu 19.04:
python-ecdsa 0.13-3ubuntu0.1
python3-ecdsa 0.13-3ubuntu0.1

Ubuntu 18.04 LTS:
python-ecdsa 0.13-2ubuntu0.18.04.1
python3-ecdsa 0.13-2ubuntu0.18.04.1

Ubuntu 16.04 LTS:
python-ecdsa 0.13-2ubuntu0.16.04.1
python3-ecdsa 0.13-2ubuntu0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4196-1
CVE-2019-14853, CVE-2019-14859

Package Information:
https://launchpad.net/ubuntu/+source/python-ecdsa/0.13.2-2ubuntu0.1
https://launchpad.net/ubuntu/+source/python-ecdsa/0.13-3ubuntu0.1
https://launchpad.net/ubuntu/+source/python-ecdsa/0.13-2ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/python-ecdsa/0.13-2ubuntu0.16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl3SqCwACgkQZWnYVadE
vpNLfw/6AkJGUdl050Gaq+cJpqcElV6luRycOzYVkVN41t1QTf+dQA96whvZxKSZ
eKQufqSdAexb4fLb7163EWWyBK+5v89sJEZpIH/B2hXWNqeQoUR+Gmf5oA/TVdNA
2DeSFNyldx+Z4zX/ZQYiqI7iVU/jDAbo/zaBFwkNYO9Bg19BjkmeXwljcROLwbuM
OKkrxi/NHzH+3ZVi90vSMGXr55rbmfOI6rBSjXDyhwHsA6njbznsj9UTQPsTXJR1
usqxiBKgEAXAspv+ZpxRU1BqovkjkuW1tJZC8v7FvYi0q6Qi82Eod03w6rYSU+iu
DF7mb5DAWH4sPwydX28lrO0sXSDTZ8H6Mnb0Do/RX8lNlmLvlhwSLnuvxaaTBfzU
sXqBNBui/k17D4cMnKm7z0cAgPI5f7HiGMIFvtTGAYHw430DzNR8MBnV71UONmny
a5lBHJuAz/Iptlp87Vhyd7T8F1iXjIc9kct+SmstWook1T4fQ65/MVyuOPOM8KVs
rcDiw4LMLa66brTSd+BSAp+0ljdSUnW+gY0qoynaY3dJJOXh5hKg8vk7RUb8/8AZ
+ps4d2dhT24LLM9ENh3qU/yTyKGGSSElu6FQHm8cQIWd7BXVcV/i5cYu61b54iSq
YON1ME4n7kFN6BLXjUc4iklO8vG5iYP9/p3rOmg9duMSCt7+Dow=
=oeSG
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa ucode-intel

Otkriveni su sigurnosni nedostaci u programskom paketu ucode-intel za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja...

Close