Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.4035 python-ecdsa security update 31 October 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: python-ecdsa Publisher: Debian Operating System: Debian GNU/Linux 8 Linux variants Windows Impact/Access: Access Privileged Data -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Provide Misleading Information -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-14859 CVE-2019-14853 Original Bulletin: https://security-tracker.debian.org/tracker/DLA-1978-1 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running python-ecdsa check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : python-ecdsa Version : 0.11-1+deb8u1 CVE ID : CVE-2019-14853 CVE-2019-14859 It was discovered that python-ecdsa, a cryptographic signature library for Python, did not correctly verify DER encoded signatures. Malformed signatures could lead to unexpected exceptions and in some cases did not raise any exception. For Debian 8 "Jessie", these problems have been fixed in version 0.11-1+deb8u1. We recommend that you upgrade your python-ecdsa packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl25yt5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRabQ//fruNHEk3owXUlCWrv1F9jsCknzhOXu4y0rSzz6VnPFctLWp920ykuhUB UduwGAlkWTSG/4xe5KZyWNvxBFW1+YARe8P+Ed92zAanXUnijxic0v4mbtbAVZG+ LWyVC96f3YxAS/+a1Xfy7kJekRIQyL288V3uCp34QEgMNVJjFK1AUkJXn4ld2Uy2 iVLaur4ZUH0Ghakv9cuHJWaIK4M0HKyHgoJAE8QFbbzvbTgqvtrP3N8qP+RaWZNM hBGslCn09g6/2iYbxC4d4o7Av7LvyUVAm/4v/JgfM4DcBBuR4eOd8U6QLp3hqqJ3 A/oYhE0aitlsNIe8b6fcEe/vWFlXaAzxphGGUdPnuqnh/H31zO8gg0M1h5tZ9JrH uTIe1JIgWsJRnuoe7V9tIBMWGpdmQbQYMjRiuefpqKk76MP4qUbILiLh/O0iCxi6 grFFA2b0CFZpDjUrfUeX4jr2qkHHVO6tCqqMYHmAERXcsbSR95w0ykS8dXYQn0uI hOtMngNAKx7gLbkFIvh5utWjqLcDtzRJr8mAyAPMJG1sv0hxNaYXiHu53XhYhM7G /g1JGkJuq8aqN2PZeIj00TVikNBVs9ywlW4QW8L5KcuPfT95xAESq6xeGh59zrPJ wL8OeJDuNpkeiWBg9aVsJjkZKwUyggD3IQjiV7NYi1mtSTchyxM= =FQQ2 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXbpcA2aOgq3Tt24GAQgL9A//SotTkRTLV5NpH7X823BH6Xax5EIOerCm eAbGxODLzcMLUzIgS7hax3Uqv1QZr4oTOQp1vVcRJKo8IHu28Os7j/FJxEiu8RFY 0ytDokMX/xp99zKsUczyJbvldq4oUUvp1VNBChL1FbaM8+JyCKJVKF+T/X0WWwf6 LcuoURgg+M5LlHOa64VikbZWZi9Kxor912kACxZIWeXv7BojCyzKQSbJZcFEez/W OIJeVInVjOf34Ei/GPjbOZmq10E9p+8xYbslhFDkKK4g3RhkanoUYiBN+b6RZYFB GVrf8DOYDUM1dHM2g9lL4bv/WBLQWcQAEcVOC6lojJXzDxHS7wBasrUKIHSJmsaF pDrpdgfe9Mzkxn0gm2ZjynvHi68m/PhFtnEn8TJFoYhAdAJf9jnlkmt/5oyB85IK O7leMlzLdK48zH3WLUGu710Gn7t5j9OawlyOeRZkw/qSr0lwkk7PLBKm3dgBxwFY qmtXFZaJKo7TC6R//xq5q544H/PvlazqQCpS+PuCntAJOjmiaZu6KuGfGHTvWq39 M/FjZPObiOzY9jrMaX8AG0Cv2qOogQmkFnUu+eaxGeQ8/D7UMwpI+QrsNfAm53gD 6PMPQXEQy77ocAxF516ornyAbSObv+dERlCtVytB6zxLSGJ1o4Xio3sWgcK0g+dc yAIyUcVXkoo= =2Vck -----END PGP SIGNATURE-----