Fedora has issued an advisory on September 24:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/

The issue is fixed upstream in 4.7.2. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 4.7.2
CC: (none) => nicolas.salguero
Whiteboard: (none) => MGA8TOO
Suggested advisory:
========================

The updated package fixes a security vulnerability:

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. (CVE-2020-25658)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25658
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/
========================

Updated package in core/updates_testing:
========================
python3-rsa-4.7.2-1.mga8

from SRPM:
python-rsa-4.7.2-1.mga8.src.rpm
Status comment: Fixed upstream in 4.7.2 => (none)
Assignee: python => qa-bugs
Whiteboard: MGA8TOO => (none)
Status: NEW => ASSIGNED
Version: Cauldron => 8
CVE: (none) => CVE-2020-25658
MGA8-64 Plasma on Lenovo B 50.
No installation issues.
OK'ing on clean install as we do with other developer tools.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene
Validating. Advisory in Comment 1.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0456.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED