| Summary: | python-rsa new security issue CVE-2020-25658 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, nicolas.salguero, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | python-rsa-4.6-3.mga9.src.rpm | CVE: | CVE-2020-25658 |
| Status comment: | |||
|
Description
David Walser
2021-09-26 18:44:16 CEST
David Walser
2021-09-26 18:44:39 CEST
Status comment:
(none) =>
Fixed upstream in 4.7.2 Suggested advisory: ======================== The updated package fixes a security vulnerability: It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. (CVE-2020-25658) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25658 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/ ======================== Updated package in core/updates_testing: ======================== python3-rsa-4.7.2-1.mga8 from SRPM: python-rsa-4.7.2-1.mga8.src.rpm Status comment:
Fixed upstream in 4.7.2 =>
(none) MGA8-64 Plasma on Lenovo B 50 No installation issues. OK'ing on clean install as we do with other developer tools. Whiteboard:
(none) =>
MGA8-64-OK Validating. Advisory in Comment 1. Keywords:
(none) =>
validated_update
Dave Hodgins
2021-10-02 19:37:32 CEST
CC:
(none) =>
davidwhodgins An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0456.html Resolution:
(none) =>
FIXED |