In association with heise online

27 February 2009, 10:43

Update for python-crypto library

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Various Linux distributors are now shipping an important update to the PyCrypto python cryptography library. Security experts had discovered a vulnerability in version 2.0.1 of the Python module that could allow for denial of service attacks, or the injection of arbitrary malicious code over the network.

The PyCrypto library is widely used; for example, the Revelation password manager and glipper clipboard manager both use it, and they are both components of the GNOME desktop. BitTornado, the bittorrent client, also uses PyCrypto. The bug in the library can be found in the ARC2 module, where the length of an ARC2 key is not properly checked, allowing for a buffer overflow to occur. GNOME users should update their systems with their package management applications as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit