Update for python-crypto library
Various Linux distributors are now shipping an important update to the PyCrypto python cryptography library. Security experts had discovered a vulnerability in version 2.0.1 of the Python module that could allow for denial of service attacks, or the injection of arbitrary malicious code over the network.
The PyCrypto library is widely used; for example, the Revelation password manager and glipper clipboard manager both use it, and they are both components of the GNOME desktop. BitTornado, the bittorrent client, also uses PyCrypto. The bug in the library can be found in the ARC2 module, where the length of an ARC2 key is not properly checked, allowing for a buffer overflow to occur. GNOME users should update their systems with their package management applications as soon as possible.
See also:
- PyCrypto ARC2 Module Buffer Overflow Vulnerability, BugTraq report.
(djwm)